USN-6988-2

Source
https://ubuntu.com/security/notices/USN-6988-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6988-2.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-6988-2
Published
2024-11-26T18:25:38.541937Z
Modified
2025-10-13T04:38:18Z
Summary
twisted vulnerability
Details

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that previous releases were unaffected. This update provides the equivalent fix for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Ben Kallus discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay and manipulate responses. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

Affected packages

Ubuntu:Pro:18.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted@17.9.0-2ubuntu0.3+esm2?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
17.9.0-2ubuntu0.3+esm2

Affected versions

16.*

16.6.0-2ubuntu3

17.*

17.9.0-1
17.9.0-2
17.9.0-2ubuntu0.1
17.9.0-2ubuntu0.3
17.9.0-2ubuntu0.3+esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python3-twisted",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        }
    ],
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:Pro:18.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2024-41671"
        }
    ]
}

Ubuntu:20.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted@18.9.0-11ubuntu0.20.04.5?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
18.9.0-11ubuntu0.20.04.5

Affected versions

18.*

18.9.0-3ubuntu1
18.9.0-5
18.9.0-6
18.9.0-6build1
18.9.0-6ubuntu1
18.9.0-8
18.9.0-11
18.9.0-11ubuntu0.20.04.1
18.9.0-11ubuntu0.20.04.2
18.9.0-11ubuntu0.20.04.3
18.9.0-11ubuntu0.20.04.4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "18.9.0-11ubuntu0.20.04.5"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "18.9.0-11ubuntu0.20.04.5"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:20.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2024-41671"
        }
    ]
}

Ubuntu:22.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted@22.1.0-2ubuntu2.6?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
22.1.0-2ubuntu2.6

Affected versions

20.*

20.3.0-7ubuntu1
20.3.0-7ubuntu3

22.*

22.1.0-2ubuntu2
22.1.0-2ubuntu2.1
22.1.0-2ubuntu2.3
22.1.0-2ubuntu2.4
22.1.0-2ubuntu2.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "22.1.0-2ubuntu2.6"
        }
    ],
    "availability": "No subscription required"
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:22.04:LTS",
    "cves": [
        {
            "severity": [
                {
                    "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                    "type": "CVSS_V3"
                },
                {
                    "score": "medium",
                    "type": "Ubuntu"
                }
            ],
            "id": "CVE-2024-41671"
        }
    ]
}