USN-5354-1: Twisted vulnerabilities

Releases

• Ubuntu 21.10
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM

Packages

• twisted - Event-based framework for internet applications

Details

It was discovered that Twisted incorrectly filtered HTTP headers when clients
are being redirected to another origin. A remote attacker could use this issue
to obtain sensitive information. (CVE-2022-21712)

It was discovered that Twisted incorrectly processed SSH handshake data on
connection establishments. A remote attacker could use this issue to cause
Twisted to crash, resulting in a denial of service. (CVE-2022-21716)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10

• python3-twisted-bin - 20.3.0-7ubuntu1.1
• python3-twisted - 20.3.0-7ubuntu1.1

Ubuntu 20.04

• python3-twisted-bin - 18.9.0-11ubuntu0.20.04.2
• python3-twisted - 18.9.0-11ubuntu0.20.04.2

Ubuntu 18.04

• python3-twisted - 17.9.0-2ubuntu0.3
• python3-twisted-bin - 17.9.0-2ubuntu0.3
• python-twisted - 17.9.0-2ubuntu0.3
• python-twisted-bin - 17.9.0-2ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

• CVE-2022-21712
• CVE-2022-21716

Related notices

• USN-5354-2: twisted, python-twisted, python-twisted-names, python-twisted-web, python-twisted-lore, python-twisted-news, python-twisted-words, python3-twisted, python-twisted-runner, python-twisted-core, python-twisted-bin, python-twisted-conch, twisted-doc, python-twisted-mail