
A twisted security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where SSH client and server implementations could accept an infinite amount of data for the peer's SSH version identifier.



ELA-575-1 twisted security update

Package: twisted
Version: 14.0.2-3+deb8u4
Related CVEs: CVE-2022-21716

It was discovered that there was an issue in the Twisted Python network framework where SSH client and server implementations could accept an infinite amount of data for the peer's SSH version identifier, so that the buffer holding it could grow until it used all available memory.

For Debian 8 Jessie, this problem has been fixed in version 14.0.2-3+deb8u4.

We recommend that you upgrade your twisted packages.
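
The general defence against this kind of memory exhaustion is to cap what is buffered while waiting for the identifier line. The sketch below is an added example, not code from Twisted or from the Debian patch. The class and constant names are hypothetical; the 255-byte line limit comes from RFC 4253 section 4.2, while the 4096-byte preamble cap and applying the line limit to banner lines as well are assumptions of this example.

```python
# Added example: bounded buffering of the peer's SSH version identifier.
MAX_IDENT_LINE = 255  # RFC 4253 section 4.2 limit, CR LF included
MAX_PREAMBLE = 4096   # assumed cap on all bytes up to and including the identifier


class VersionIdentifierError(Exception):
    """The peer exceeded a limit; the caller should close the connection."""


class BoundedVersionReader:
    """Buffers received bytes only until the "SSH-" identifier line is complete."""

    def __init__(self):
        self._buf = b""
        self._consumed = 0      # bytes of complete lines already processed
        self.identifier = None  # identifier line without CR LF, once seen
        self.remainder = b""    # bytes that followed the identifier

    def feed(self, data: bytes) -> bool:
        """Add received bytes; return True once the identifier is known."""
        if self.identifier is not None:
            self.remainder += data  # caller hands this to the next protocol stage
            return True
        self._buf += data
        while True:
            line, sep, rest = self._buf.partition(b"\n")
            if not sep:
                break
            self._consumed += len(line) + 1
            if len(line) + 1 > MAX_IDENT_LINE:
                raise VersionIdentifierError("line exceeds 255 bytes")
            if self._consumed > MAX_PREAMBLE:
                raise VersionIdentifierError("no identifier within preamble cap")
            if line.startswith(b"SSH-"):
                self.identifier = line.rstrip(b"\r")
                self.remainder, self._buf = rest, b""
                return True
            self._buf = rest  # banner line sent before the identifier: drop it
        # Incomplete line still pending: refuse to let it grow without bound.
        if len(self._buf) >= MAX_IDENT_LINE:
            raise VersionIdentifierError("unterminated line exceeds 255 bytes")
        if self._consumed + len(self._buf) > MAX_PREAMBLE:
            raise VersionIdentifierError("no identifier within preamble cap")
        return False
```

With these limits the pending buffer never holds more than one incomplete line plus the most recent chunk, whatever the peer sends.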

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/
