RHSA-2022:0992 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for python-twisted is now available for Red Hat OpenStack
Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Twisted is a networking engine written in Python, supporting numerous
protocols. It contains a web server, numerous chat clients, chat servers,
mail servers and more.

Security Fix(es):

Secret exposure in cross-origin redirects of python-twisted (CVE-2022-21712)
SSH client and server denial of service during SSH handshake

(CVE-2022-21716)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 16.2 x86_64
Red Hat OpenStack for IBM Power 16.2 ppc64le

Fixes

BZ - 2051865 - CVE-2022-21712 dev-python/twisted: secret exposure in cross-origin redirects
BZ - 2060960 - CVE-2022-21716 python-twisted: SSH client and server denial of service during SSH handshake

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 16.2

SRPM
python-twisted-16.4.1-19.el8ost.src.rpm	SHA-256: aee5d802341c13e06a76e002076bf3c7a22dbbedc14291fcceb56c9af04ca88c
x86_64
python-twisted-debugsource-16.4.1-19.el8ost.x86_64.rpm	SHA-256: 78a5644e644c00cea63a220202b87b97cbcd0be444d3f8ac6a3c682dc3d2987b
python3-twisted-16.4.1-19.el8ost.x86_64.rpm	SHA-256: 13f8830562b4fefb29df882778b4e43cf9d53b8e69bc96957e608baae4c7e586
python3-twisted-debuginfo-16.4.1-19.el8ost.x86_64.rpm	SHA-256: 6f8001ce07676149d6947fc229e7ab15614abf440409269ba41f62612c57ac19

Red Hat OpenStack for IBM Power 16.2

SRPM
python-twisted-16.4.1-19.el8ost.src.rpm	SHA-256: aee5d802341c13e06a76e002076bf3c7a22dbbedc14291fcceb56c9af04ca88c
ppc64le
python-twisted-debugsource-16.4.1-19.el8ost.ppc64le.rpm	SHA-256: 63231761bb7c7068facc7bcde00d0532ff0f98d07d07d611c035a3e116640de8
python3-twisted-16.4.1-19.el8ost.ppc64le.rpm	SHA-256: 3554c9f0bc665bf21cfa900ebd60eb281c9a2df095823ab2f1ecec4d399a5af2
python3-twisted-debuginfo-16.4.1-19.el8ost.ppc64le.rpm	SHA-256: 52dee7d4b59a20d6b510709f48425be7a500944d0ddaea5ef9c980ef3b872e5e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation