openSUSE-SU-2022:0499-1

Опубликовано: 18 фев. 2022

Источник: suse-cvrf

Описание

Security update for python-Twisted

This update for python-Twisted fixes the following issues:

CVE-2022-21712: Fixed secret exposure in cross-origin redirects by properly removing sensitive headers when redirecting to a different origin (bsc#1195667).

Список пакетов

openSUSE Leap 15.3

python-Twisted-doc-19.10.0-3.6.1

python2-Twisted-19.10.0-3.6.1

python3-Twisted-19.10.0-3.6.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/233XDDM6URC3DPBBAKQV2AZQY6TBXJRV/
E-Mail link for openSUSE-SU-2022:0499-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195667
SUSE Bug 1195667
https://www.suse.com/security/cve/CVE-2022-21712/
SUSE CVE CVE-2022-21712 page

Описание

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Затронутые продукты

openSUSE Leap 15.3:python-Twisted-doc-19.10.0-3.6.1

openSUSE Leap 15.3:python2-Twisted-19.10.0-3.6.1

openSUSE Leap 15.3:python3-Twisted-19.10.0-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-21712.html
CVE-2022-21712
https://bugzilla.suse.com/1195667
SUSE Bug 1195667

openSUSE-SU-2022:0499-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-21712

Описание

Затронутые продукты

Ссылки