Description
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2022-21716: Fixed an issue where the SSH server accepts an infinite amount of data, using all the available memory (bsc#1196739).
Package list
SUSE Linux Enterprise Module for Server Applications 15 SP4
python3-Twisted-22.2.0-150400.5.4.1
openSUSE Leap 15.4
python-Twisted-doc-22.2.0-150400.5.4.1
python3-Twisted-22.2.0-150400.5.4.1
References
- Link for SUSE-SU-2022:2297-1
- E-Mail link for SUSE-SU-2022:2297-1
- SUSE Security Ratings
- SUSE Bug 1196739
- SUSE CVE CVE-2022-21716 page
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
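The flaw described above is a missing bound on the bytes buffered before the peer's identification line arrives. The following is an added illustration of a bounded reader, not Twisted's code or its patch: `BannerReader`, `BannerTooLong` and the 4096-byte `MAX_PREAMBLE` cap are assumptions, while the 255-byte line limit comes from RFC 4253 section 4.2.

```python
# Added example: bounded read of the peer's SSH identification string.
# BannerReader, BannerTooLong and MAX_PREAMBLE are hypothetical names, not Twisted's API.

MAX_IDENT_LINE = 255  # RFC 4253 section 4.2: identification line limit, CR LF included
MAX_PREAMBLE = 4096   # assumed cap on bytes accepted before the identifier appears


class BannerTooLong(Exception):
    """Peer sent too much data without a valid identification line."""


class BannerReader:
    def __init__(self):
        self.buf = b""      # unterminated data still waiting for a newline
        self.skipped = 0    # bytes of complete pre-identifier lines already dropped
        self.ident = None   # set once the "SSH-..." line has been seen

    def feed(self, data: bytes):
        """Return bytes following the identifier once found, else None."""
        if self.ident is not None:
            return data
        self.buf += data
        while (nl := self.buf.find(b"\n")) != -1:
            line, self.buf = self.buf[:nl + 1], self.buf[nl + 1:]
            if line.startswith(b"SSH-"):
                if len(line) > MAX_IDENT_LINE:
                    raise BannerTooLong("identification line over 255 bytes")
                self.ident = line.rstrip(b"\r\n")
                rest, self.buf = self.buf, b""
                return rest
            self.skipped += len(line)  # other lines may precede the identifier
        # The bound the description says was absent: without it, self.buf grows
        # for as long as the peer sends bytes with no identification line.
        if self.skipped + len(self.buf) > MAX_PREAMBLE:
            raise BannerTooLong("no identification line within preamble cap")
        return None


if __name__ == "__main__":
    reader = BannerReader()
    try:
        for _ in range(1000):            # constructed input: newline-free zero bytes
            reader.feed(b"\x00" * 1024)
    except BannerTooLong as exc:
        print("dropped peer:", exc, "buffered", len(reader.buf), "bytes")
```

A caller would close the connection when `BannerTooLong` is raised, so memory held per peer stays at the cap plus one read chunk.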
Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP4:python3-Twisted-22.2.0-150400.5.4.1
openSUSE Leap 15.4:python-Twisted-doc-22.2.0-150400.5.4.1
openSUSE Leap 15.4:python3-Twisted-22.2.0-150400.5.4.1
References
- CVE-2022-21716
- SUSE Bug 1196739