SUSE-SU-2022:1477-1

Details

Description of the patch:

This update for python-Twisted fixes the following issues:

CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086)

Affected Packages

python3-Twisted

SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP3SUSE Linux Enterprise Module for Package Hub 15 SP3SUSE Linux Enterprise Module for Server Applications 15 SP3SUSE Linux Enterprise Real Time 15 SP2

Fixed in:

19.10.0-150200.3.9.1

python-Twisted-doc

openSUSE Leap 15.3

Fixed in:

19.10.0-150200.3.9.1

python2-Twisted

openSUSE Leap 15.3openSUSE Leap 15.4

Fixed in:

19.10.0-150200.3.9.1

References

ADVISORY

https://bugzilla.suse.com/1198086

ADVISORY

https://lists.suse.com/pipermail/sle-security-updates/2022-April/010903.html

ADVISORY

https://www.suse.com/security/cve/CVE-2022-24801/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2022/suse-su-20221477-1/