SUSE-SU-2024:2880-1

Опубликовано: 12 авг. 2024

Источник: suse-cvrf

Описание

Security update for python-Twisted

This update for python-Twisted fixes the following issues:

CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)

Список пакетов

Image SLES15-SP4-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP-Hardened

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP-Hardened-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAPCAL

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-SAPCAL-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-Azure-3P

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-Azure-Basic

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-Azure-Standard

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-HPC-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-HPC-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-SAP-Azure-3P

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-SAP-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-SAP-Hardened-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP5-SAPCAL-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-Azure-Basic

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-Azure-Standard

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-HPC

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-HPC-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-HPC-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAP-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAP-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAP-Hardened

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAP-Hardened-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP6-SAPCAL-Azure

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise Module for Public Cloud 15 SP4

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise Module for Python 3 15 SP5

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise Module for Python 3 15 SP6

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise Server 15 SP4-LTSS

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

openSUSE Leap 15.5

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

openSUSE Leap 15.6

python311-Twisted-22.10.0-150400.5.23.1

python311-Twisted-all_non_platform-22.10.0-150400.5.23.1

python311-Twisted-conch-22.10.0-150400.5.23.1

python311-Twisted-conch_nacl-22.10.0-150400.5.23.1

python311-Twisted-contextvars-22.10.0-150400.5.23.1

python311-Twisted-http2-22.10.0-150400.5.23.1

python311-Twisted-serial-22.10.0-150400.5.23.1

python311-Twisted-tls-22.10.0-150400.5.23.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242880-1/
Link for SUSE-SU-2024:2880-1
https://lists.suse.com/pipermail/sle-updates/2024-August/036410.html
E-Mail link for SUSE-SU-2024:2880-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1228549
SUSE Bug 1228549
https://bugzilla.suse.com/1228552
SUSE Bug 1228552
https://www.suse.com/security/cve/CVE-2024-41671/
SUSE CVE CVE-2024-41671 page
https://www.suse.com/security/cve/CVE-2024-41810/
SUSE CVE CVE-2024-41810 page

Описание

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1.

Затронутые продукты

Image SLES15-SP4-BYOS-Azure:python311-Twisted-22.10.0-150400.5.23.1

Image SLES15-SP4-BYOS-Azure:python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS-Azure:python311-Twisted-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS-Azure:python311-Twisted-tls-22.10.0-150400.5.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41671.html
CVE-2024-41671
https://bugzilla.suse.com/1228549
SUSE Bug 1228549

Описание

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.

Затронутые продукты

Image SLES15-SP4-BYOS-Azure:python311-Twisted-22.10.0-150400.5.23.1

Image SLES15-SP4-BYOS-Azure:python311-Twisted-tls-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS-Azure:python311-Twisted-22.10.0-150400.5.23.1

Image SLES15-SP4-HPC-BYOS-Azure:python311-Twisted-tls-22.10.0-150400.5.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-41810.html
CVE-2024-41810
https://bugzilla.suse.com/1228552
SUSE Bug 1228552

SUSE-SU-2024:2880-1

Описание

Список пакетов

Image SLES15-SP4-BYOS-Azure

Image SLES15-SP4-HPC-BYOS

Image SLES15-SP4-HPC-BYOS-Azure

Image SLES15-SP4-Hardened-BYOS-Azure

Image SLES15-SP4-SAP

Image SLES15-SP4-SAP-Azure

Image SLES15-SP4-SAP-BYOS-Azure

Image SLES15-SP4-SAP-Hardened

Image SLES15-SP4-SAP-Hardened-Azure

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

Image SLES15-SP4-SAPCAL

Image SLES15-SP4-SAPCAL-Azure

Image SLES15-SP5-Azure-3P

Image SLES15-SP5-Azure-Basic

Image SLES15-SP5-Azure-Standard

Image SLES15-SP5-BYOS-Azure

Image SLES15-SP5-HPC-Azure

Image SLES15-SP5-HPC-BYOS-Azure

Image SLES15-SP5-Hardened-BYOS-Azure

Image SLES15-SP5-SAP-Azure-3P

Image SLES15-SP5-SAP-BYOS-Azure

Image SLES15-SP5-SAP-Hardened-Azure

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

Image SLES15-SP5-SAPCAL-Azure

Image SLES15-SP6-Azure-Basic

Image SLES15-SP6-Azure-Standard

Image SLES15-SP6-BYOS-Azure

Image SLES15-SP6-HPC

Image SLES15-SP6-HPC-Azure

Image SLES15-SP6-HPC-BYOS-Azure

Image SLES15-SP6-Hardened-BYOS-Azure

Image SLES15-SP6-SAP-Azure

Image SLES15-SP6-SAP-BYOS-Azure

Image SLES15-SP6-SAP-Hardened

Image SLES15-SP6-SAP-Hardened-Azure

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

Image SLES15-SP6-SAPCAL-Azure

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Module for Public Cloud 15 SP4

SUSE Linux Enterprise Module for Python 3 15 SP5

SUSE Linux Enterprise Module for Python 3 15 SP6

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-41671

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-41810

Описание

Затронутые продукты

Ссылки