USN-6575-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6575-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6575-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6575-1

Related

Published

2024-01-10T13:39:55.975325Z

Modified

2024-01-10T13:39:55.975325Z

Summary

twisted vulnerabilities

Details

It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-39348)

It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests. (CVE-2023-46137)

References

Affected packages

Ubuntu:20.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted@18.9.0-11ubuntu0.20.04.3?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.9.0-11ubuntu0.20.04.3

Affected versions

18.*

18.9.0-3ubuntu1

18.9.0-5

18.9.0-6

18.9.0-6build1

18.9.0-6ubuntu1

18.9.0-8

18.9.0-11

18.9.0-11ubuntu0.20.04.1

18.9.0-11ubuntu0.20.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "python3-twisted-bin-dbg": "18.9.0-11ubuntu0.20.04.3",
            "twisted-doc": "18.9.0-11ubuntu0.20.04.3",
            "python3-twisted": "18.9.0-11ubuntu0.20.04.3",
            "python3-twisted-bin": "18.9.0-11ubuntu0.20.04.3"
        }
    ]
}

Ubuntu:22.04:LTS / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted@22.1.0-2ubuntu2.4?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.1.0-2ubuntu2.4

Affected versions

20.*

20.3.0-7ubuntu1

20.3.0-7ubuntu3

22.*

22.1.0-2ubuntu2

22.1.0-2ubuntu2.1

22.1.0-2ubuntu2.3

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "twisted-doc": "22.1.0-2ubuntu2.4",
            "python3-twisted": "22.1.0-2ubuntu2.4"
        }
    ]
}

Ubuntu:23.10 / twisted

Package

Name: twisted
Purl: pkg:deb/ubuntu/twisted@22.4.0-4ubuntu0.23.10.1?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

22.4.0-4ubuntu0.23.10.1

Affected versions

22.*

22.4.0-4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "twisted-doc": "22.4.0-4ubuntu0.23.10.1",
            "python3-twisted": "22.4.0-4ubuntu0.23.10.1"
        }
    ]
}