[SECURITY] [DLA 2938-1] twisted security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2938-1] twisted security update
From: "Chris Lamb" <lamby@debian.org>
Date: Tue, 8 Mar 2022 07:02:36 -0500 (EST)
Message-id: <[🔎] 164674084767.112683.13458923273601900631@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2938-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 08, 2022                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : twisted
Version        : 16.6.0-2+deb9u2
CVE ID         : CVE-2022-21716

It was discovered that there was an issue in the Twisted Python
network framework where SSH client and server implementions could
accept an infinite amount of data for the peer's SSH version
identifier and that a buffer then uses all available memory.

For Debian 9 "Stretch", this problem has been fixed in version
16.6.0-2+deb9u2.

We recommend that you upgrade your twisted packages.

For the detailed security status of twisted please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twisted

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmInRW0ACgkQHpU+J9Qx
HliUSQ//Qjp53PAbN03p7tfaRsqDBnj6HiqQ2UyDRw3kcnM46eRSOuZ00oGrn4h9
nF1G+NlK8F0lTzYl/82lJ2IMeqYBtxufqF8t9TpW8XG+ig7J7DXlhdYWQE0VTG8/
mUE/zbVM1f6ITVIaP6QMSoqmXXDcCHqK2XbzAbK1NWv8PCMIhY93kbkoeBOX7IRM
/UOh54DlEP2p6KzitWBfbHmZc5uJRPeZpXM4Z3Udpv2TqtmUknQSKYycsM8SZyfq
WFvVYwdtxtsDt81lid8/kKZbYweKuxV1ge62QBC9GUpbiZKmOmda5NFWfjHRudwa
8wJko+b16YDOJyhbmpijVBCd5vpwN8HJVYCrQ8n6+hEXZKN7hHMGtFQy6Ko8jEq6
w+ZlXy8zYYu2Zo8/KC3rAOp3aDsncLhWUoxtoQPDkuv13OtiWlrLO9DI0O/daN15
DZxuxjFmHI3iztzkJuSdcp2sDg30Zg74O0rnn9W/fyhRmwsIHMdcKyXF1Fwqlz1D
+QHAF41rtOZUt7ihpbs7Xi0707iqfMRTp6eoUJhVO2zi8/xyZhYHiJsalmSNpcKR
QuqDeXkeFPy1KKSDTZZyFwVkYdnRFbk/wlkpJrKavD7CAWQ1QfAWJcA6DIMpHY88
qoLbITpF/uFwykOG6BxYH5BJ9sg8yXt++Kc8+Sy6pkI6qP80hXA=
=WqPv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2937-1] gif2apng security update
Next by Date: [SECURITY] [DLA 2939-1] thunderbird security update
Previous by thread: [SECURITY] [DLA 2937-1] gif2apng security update
Next by thread: [SECURITY] [DLA 2939-1] thunderbird security update
Index(es):
- Date
- Thread