1. Ubuntu Security Notices
  2. USN-6988-2

USN-6988-2: Twisted vulnerability

Publication date

26 November 2024

Overview

Twisted could allow unintended access to information over the network.

Releases

Packages

  • twisted - Event-based framework for internet applications

Details

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that
previous releases were unaffected. This update provides the equivalent fix
for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Ben Kallus discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay and manipulate responses.
This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

USN-6988-1 fixed CVE-2024-41671 in Twisted. The USN incorrectly stated that
previous releases were unaffected. This update provides the equivalent fix
for Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS.

Original advisory details:

Ben Kallus discovered that Twisted incorrectly handled response order when
processing multiple HTTP requests. A remote attacker could possibly use
this issue to delay and manipulate responses.
This issue only affected Ubuntu 24.04 LTS. (CVE-2024-41671)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
22.04 jammy python3-twisted –  22.1.0-2ubuntu2.6
20.04 focal python3-twisted –  18.9.0-11ubuntu0.20.04.5
18.04 bionic python-twisted –  17.9.0-2ubuntu0.3+esm2  
python3-twisted –  17.9.0-2ubuntu0.3+esm2  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›