openSUSE-SU-2019:1760-1

Опубликовано: 21 июл. 2019

Источник: suse-cvrf

Описание

Security update for python-Twisted

This update for python-Twisted fixes the following issue:

Security issue fixed:

CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

python-Twisted-doc-17.9.0-lp151.3.3.1

python2-Twisted-17.9.0-lp151.3.3.1

python3-Twisted-17.9.0-lp151.3.3.1

openSUSE Leap 15.1

python-Twisted-doc-17.9.0-lp151.3.3.1

python2-Twisted-17.9.0-lp151.3.3.1

python3-Twisted-17.9.0-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IXM52Z7OZQKEBVKJAXNZAPMTC5NN267A/#IXM52Z7OZQKEBVKJAXNZAPMTC5NN267A
E-Mail link for openSUSE-SU-2019:1760-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1137825
SUSE Bug 1137825
https://www.suse.com/security/cve/CVE-2019-12387/
SUSE CVE CVE-2019-12387 page

Описание

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.

Затронутые продукты

openSUSE Leap 15.0:python-Twisted-doc-17.9.0-lp151.3.3.1

openSUSE Leap 15.0:python2-Twisted-17.9.0-lp151.3.3.1

openSUSE Leap 15.0:python3-Twisted-17.9.0-lp151.3.3.1

openSUSE Leap 15.1:python-Twisted-doc-17.9.0-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12387.html
CVE-2019-12387
https://bugzilla.suse.com/1137825
SUSE Bug 1137825

openSUSE-SU-2019:1760-1

Описание

Список пакетов

openSUSE Leap 15.0

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-12387

Описание

Затронутые продукты

Ссылки