Описание
Security update for python-Twisted
This update for python-Twisted fixes the following issues:
- CVE-2020-10108: Fixed an HTTP request smuggling issue (bsc#1166457).
- CVE-2020-10109: Fixed an HTTP request smuggling issue (bsc#1166458).
Список пакетов
HPE Helion OpenStack 8
python-Twisted-15.2.1-9.20.1
SUSE Linux Enterprise Module for Web and Scripting 12
python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 8
python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 9
python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud Crowbar 8
python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud Crowbar 9
python-Twisted-15.2.1-9.20.1
Ссылки
- Link for SUSE-SU-2022:2811-1
- E-Mail link for SUSE-SU-2022:2811-1
- SUSE Security Ratings
- SUSE Bug 1166457
- SUSE Bug 1166458
- SUSE CVE CVE-2020-10108 page
- SUSE CVE CVE-2020-10109 page
Описание
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
Затронутые продукты
HPE Helion OpenStack 8:python-Twisted-15.2.1-9.20.1
SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 8:python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 9:python-Twisted-15.2.1-9.20.1
Ссылки
- CVE-2020-10108
- SUSE Bug 1166457
Описание
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request.
Затронутые продукты
HPE Helion OpenStack 8:python-Twisted-15.2.1-9.20.1
SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 8:python-Twisted-15.2.1-9.20.1
SUSE OpenStack Cloud 9:python-Twisted-15.2.1-9.20.1
Ссылки
- CVE-2020-10109
- SUSE Bug 1166458