Synopsis:
python-twisted security update
Summary:
An update for python-twisted is now available for openEuler-24.03-LTS
Description:
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following:
Security Fix(es):
A denial of service vulnerability exists in the Twisted framework when handling DNS compression pointer chains. A single malformed TCP packet is sufficient to block the Twisted reactor's event loop for several seconds. Because Twisted operates on a single-threaded cooperative multitasking model, this results in a Denial of Service (DoS) condition. During this process, the server becomes unable to handle new connections, process I/O, or respond to existing requests, effectively paralyzing the server for the duration of decompression. (CVE-2026-42304)
Topic:
An update for python-twisted is now available for openEuler-24.03-LTS.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
python-twisted
22.10.0-5.oe2403
Exploitability:
AV:N AC:L PR:N UI:N
Scope:
S:U
Impact:
C:N I:N A:H
7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
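
The description above attributes the stall to following DNS compression pointer chains. As an added example (not Twisted's code or its patch), this decoder bounds that work with a pointer-hop budget, a backwards-only pointer rule and the RFC 1035 255-octet name limit; `read_name`, `DNSNameError`, `MAX_POINTER_HOPS` and the sample messages are assumptions made for illustration.

```python
import struct

MAX_NAME_LEN = 255      # RFC 1035 limit on an encoded name, root label included
MAX_POINTER_HOPS = 16   # assumed budget, a hypothetical value chosen for this example


class DNSNameError(ValueError):
    """Raised when a name is malformed or exceeds the decoding budget."""


def read_name(msg: bytes, offset: int):
    """Decode the name at `offset`; return (name, offset just past it)."""
    labels, total, hops = [], 0, 0
    end = None                       # where the caller resumes after the first pointer
    pos = offset
    while True:
        if pos >= len(msg):
            raise DNSNameError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:    # compression pointer: 14-bit offset
            if pos + 1 >= len(msg):
                raise DNSNameError("truncated pointer")
            target = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            if end is None:
                end = pos + 2
            hops += 1
            if hops > MAX_POINTER_HOPS:
                raise DNSNameError("too many compression pointers")
            if target >= pos:        # only earlier data may be referenced
                raise DNSNameError("pointer does not point backwards")
            pos = target
        elif length & 0xC0:
            raise DNSNameError("reserved label type")
        elif length == 0:            # root label terminates the name
            return ".".join(labels), (end if end is not None else pos + 1)
        else:
            total += length + 1
            if total + 1 > MAX_NAME_LEN:   # +1 for the root label
                raise DNSNameError("name longer than 255 octets")
            label = msg[pos + 1:pos + 1 + length]
            if len(label) != length:
                raise DNSNameError("truncated label")
            labels.append(label.decode("ascii", "replace"))
            pos += 1 + length


# Constructed sample messages (not captured traffic).
GOOD = b"\x07example\x03com\x00" + b"\x03www\xc0\x00"  # "www" + pointer to offset 0
LOOP = b"\x01a\xc0\x00"  # backwards pointer at offset 2 that leads to itself again
```

`LOOP` passes the backwards-only check on every hop, which is why the hop and length budgets are needed as well.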