-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0943
                          twisted security update
                               18 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           twisted
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Modify Arbitrary Files -- Remote/Unauthenticated
                   Reduced Security       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10109 CVE-2020-10108 

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2145

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running twisted check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : twisted
Version        : 14.0.2-3+deb8u1
CVE IDs        : CVE-2020-10108 CVE-2020-10109
Debian Bug     : #953950

It was discovered that there were a number of HTTP request splitting
vulnerabilities in Twisted, a Python event-based framework for
building various types of internet applications.

For more information, please see:

  https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR

For Debian 8 "Jessie", these issues have been fixed in twisted
version 14.0.2-3+deb8u1.

We recommend that you upgrade your twisted packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

- - -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----