SUSE-SU-2022:1477-1

Details

This update for python-Twisted fixes the following issues:

CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086)

Affected Packages

python-Twisted

SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

19.10.0-150200.3.9.1

python3-Twisted

SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2openSUSE Leap 15.3

Fixed in:

19.10.0-150200.3.9.1

python-Twisted-doc

openSUSE Leap 15.3

Fixed in:

19.10.0-150200.3.9.1

python2-Twisted

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

19.10.0-150200.3.9.1

References

REPORT

https://bugzilla.suse.com/1198086

WEB

https://www.suse.com/security/cve/CVE-2022-24801

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20221477-1/