Ubuntu: Security Advisory for twisted (USN-4308-1)

The remote host is missing an update for the 'twisted' package(s) announced via the USN-4308-1 advisory.

it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. (CVE-2019-12387) It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. (CVE-2019-12855) It was discovered that Twisted incorrectly handled HTTP/2 connections. A remote attacker could possibly use this issue to cause Twisted to hang or consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10. (CVE-2019-9512, CVE-2019-9514, CVE-2019-9515) Jake Miller and ZeddYu Lu discovered that Twisted incorrectly handled certain content-length headers. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. (CVE-2020-10108, CVE-2020-10109)

'twisted' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.

Checks if a vulnerable package version is present on the target host.

Please install the updated package(s).