Ubuntu alert USN-5576-1 (twisted) [LWN.net]

From:
               Ray Veldkamp <ray.veldkamp@canonical.com>
To:
               ubuntu-security-announce@lists.ubuntu.com
Subject:
               [USN-5576-1] Twisted vulnerability
Date:
               Wed, 24 Aug 2022 14:44:50 +1000
Message-ID:
               <46907f50-2a2a-3f49-39ba-223aa9cad0e2@canonical.com>
==========================================================================
Ubuntu Security Notice USN-5576-1
August 24, 2022

twisted vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Twisted could be made to expose sensitive information over the
network.

Software Description:
- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly parsed some types of HTTP requests
in its web server implementation. In certain proxy or multi-server
configurations, a remote attacker could craft malicious HTTP requests in order
to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
python3-twisted 22.1.0-2ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5576-1
CVE-2022-24801

Package Information:
https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubun...

From:		Ray Veldkamp <ray.veldkamp@canonical.com>
To:		ubuntu-security-announce@lists.ubuntu.com
Subject:		[USN-5576-1] Twisted vulnerability
Date:		Wed, 24 Aug 2022 14:44:50 +1000
Message-ID:		<46907f50-2a2a-3f49-39ba-223aa9cad0e2@canonical.com>