USN-4308-2

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/notices/USN-4308-2
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4308-2.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4308-2
Related
Published
2020-03-30T12:00:51.404246Z
Modified
2020-03-30T12:00:51.404246Z
Summary
twisted vulnerabilities
Details

USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387)

It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and obtain sensitive information. (CVE-2019-12855)

Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109)

References

Affected packages

Ubuntu:14.04:LTS / twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
13.2.0-1ubuntu1.2+esm1

Affected versions

13.*

13.0.0-1ubuntu1
13.2.0-1ubuntu1
13.2.0-1ubuntu1.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "twisted-doc"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-news"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-lore"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-names"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-words"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-runner"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-core"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-web"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-mail"
        },
        {
            "binary_version": "13.2.0-1ubuntu1.2+esm1",
            "binary_name": "python-twisted-bin"
        }
    ]
}