===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0943
                          twisted security update
                               18 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           twisted
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Modify Arbitrary Files -- Remote/Unauthenticated
                   Reduced Security       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10109 CVE-2020-10108

Original Bulletin:
   https://www.debian.org/lts/security/2020/dla-2145

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running twisted check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : twisted
Version        : 14.0.2-3+deb8u1
CVE IDs        : CVE-2020-10108 CVE-2020-10109
Debian Bug     : #953950

It was discovered that there were a number of HTTP request splitting
vulnerabilities in Twisted, a Python event-based framework for building
various types of internet applications.

For more information, please see:

  https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR

For Debian 8 "Jessie", these issues have been fixed in twisted version
14.0.2-3+deb8u1.

We recommend that you upgrade your twisted packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================