Security update for python-Twisted SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:2066-1 Final 1 1 2019-08-06T13:53:43Z current 2019-08-06T13:53:43Z 2019-08-06T13:53:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-Twisted This update for python-Twisted fixes the following issue: Security issue fixed: - CVE-2019-12387: Fixed an improper sanitization of URIs or HTTP which could have allowed attackers to perfrom CRLF attacks (bsc#1137825). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2019-2066,SUSE-2019-2066,SUSE-OpenStack-Cloud-7-2019-2066,SUSE-OpenStack-Cloud-8-2019-2066,SUSE-OpenStack-Cloud-9-2019-2066,SUSE-OpenStack-Cloud-Crowbar-8-2019-2066,SUSE-OpenStack-Cloud-Crowbar-9-2019-2066,SUSE-SLE-Module-Web-Scripting-12-2019-2066,SUSE-Storage-4-2019-2066,SUSE-Storage-5-2019-2066 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20192066-1/ Link for SUSE-SU-2019:2066-1 https://lists.suse.com/pipermail/sle-security-updates/2019-August/005784.html E-Mail link for SUSE-SU-2019:2066-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1137825 SUSE Bug 1137825 https://www.suse.com/security/cve/CVE-2019-12387/ SUSE CVE CVE-2019-12387 page HPE Helion OpenStack 8 SUSE Enterprise Storage 4 SUSE Enterprise Storage 5 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 python-Twisted-15.2.1-9.5.2 python-Twisted-doc-15.2.1-9.5.2 python-Twisted-15.2.1-9.5.2 as a component of HPE Helion OpenStack 8 python-Twisted-15.2.1-9.5.2 as a component of SUSE Enterprise Storage 4 python-Twisted-15.2.1-9.5.2 as a component of SUSE Enterprise Storage 5 python-Twisted-15.2.1-9.5.2 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 python-Twisted-15.2.1-9.5.2 as a component of SUSE OpenStack Cloud 7 python-Twisted-15.2.1-9.5.2 as a component of SUSE OpenStack Cloud 8 python-Twisted-15.2.1-9.5.2 as a component of SUSE OpenStack Cloud 9 python-Twisted-15.2.1-9.5.2 as a component of SUSE OpenStack Cloud Crowbar 8 python-Twisted-15.2.1-9.5.2 as a component of SUSE OpenStack Cloud Crowbar 9 In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF. CVE-2019-12387 HPE Helion OpenStack 8:python-Twisted-15.2.1-9.5.2 SUSE Enterprise Storage 4:python-Twisted-15.2.1-9.5.2 SUSE Enterprise Storage 5:python-Twisted-15.2.1-9.5.2 SUSE Linux Enterprise Module for Web and Scripting 12:python-Twisted-15.2.1-9.5.2 SUSE OpenStack Cloud 7:python-Twisted-15.2.1-9.5.2 SUSE OpenStack Cloud 8:python-Twisted-15.2.1-9.5.2 SUSE OpenStack Cloud 9:python-Twisted-15.2.1-9.5.2 SUSE OpenStack Cloud Crowbar 8:python-Twisted-15.2.1-9.5.2 SUSE OpenStack Cloud Crowbar 9:python-Twisted-15.2.1-9.5.2 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20192066-1/ https://www.suse.com/security/cve/CVE-2019-12387.html CVE-2019-12387 https://bugzilla.suse.com/1137825 SUSE Bug 1137825