-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2938-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb March 08, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : twisted Version : 16.6.0-2+deb9u2 CVE ID : CVE-2022-21716 It was discovered that there was an issue in the Twisted Python network framework where SSH client and server implementions could accept an infinite amount of data for the peer's SSH version identifier and that a buffer then uses all available memory. For Debian 9 "Stretch", this problem has been fixed in version 16.6.0-2+deb9u2. We recommend that you upgrade your twisted packages. For the detailed security status of twisted please refer to its security tracker page at: https://security-tracker.debian.org/tracker/twisted Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmInRW0ACgkQHpU+J9Qx HliUSQ//Qjp53PAbN03p7tfaRsqDBnj6HiqQ2UyDRw3kcnM46eRSOuZ00oGrn4h9 nF1G+NlK8F0lTzYl/82lJ2IMeqYBtxufqF8t9TpW8XG+ig7J7DXlhdYWQE0VTG8/ mUE/zbVM1f6ITVIaP6QMSoqmXXDcCHqK2XbzAbK1NWv8PCMIhY93kbkoeBOX7IRM /UOh54DlEP2p6KzitWBfbHmZc5uJRPeZpXM4Z3Udpv2TqtmUknQSKYycsM8SZyfq WFvVYwdtxtsDt81lid8/kKZbYweKuxV1ge62QBC9GUpbiZKmOmda5NFWfjHRudwa 8wJko+b16YDOJyhbmpijVBCd5vpwN8HJVYCrQ8n6+hEXZKN7hHMGtFQy6Ko8jEq6 w+ZlXy8zYYu2Zo8/KC3rAOp3aDsncLhWUoxtoQPDkuv13OtiWlrLO9DI0O/daN15 DZxuxjFmHI3iztzkJuSdcp2sDg30Zg74O0rnn9W/fyhRmwsIHMdcKyXF1Fwqlz1D +QHAF41rtOZUt7ihpbs7Xi0707iqfMRTp6eoUJhVO2zi8/xyZhYHiJsalmSNpcKR QuqDeXkeFPy1KKSDTZZyFwVkYdnRFbk/wlkpJrKavD7CAWQ1QfAWJcA6DIMpHY88 qoLbITpF/uFwykOG6BxYH5BJ9sg8yXt++Kc8+Sy6pkI6qP80hXA= =WqPv -----END PGP SIGNATURE-----
