Debian 10261 Published by

A twisted security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where SSH client and server implementations could accept an infinite amount of data for the peer's SSH version identifier.



ELA-575-1 twisted security update

Package twisted
Version 14.0.2-3+deb8u4
Related CVEs CVE-2022-21716

It was discovered that there was an issue in the Twisted Python network framework where SSH client and server implementations could accept an infinite amount of data for the peer’s SSH version identifier and that a buffer then uses all available memory.

For Debian 8 Jessie, these problems have been fixed in version 14.0.2-3+deb8u4.

We recommend that you upgrade your twisted packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-575-1 twisted security update