New Debian twisted 16.6.0-2+deb9u2 fixes: This update addresses the following issue: * SSH client and server denial of service during SSH handshake (CVE-2022-21716)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/twisted_16.6.0-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/twisted_16.6.0-2+deb9u2.dsc @@ -1,3 +1,10 @@ +16.6.0-2+deb9u2 [Tue, 08 Mar 2022 11:53:19 +0000] Chris Lamb <lamby@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2022-21716: Prevent an issue where SSH client and server implementions + could accept an infinite amount of data for the peer's SSH version + identifier so that a buffer uses all available memory. + 16.6.0-2+deb9u1 [Sat, 19 Feb 2022 16:03:45 +0100] Sylvain Beucler <beuc@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/4.4-8/#3086686915185954477>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 0bc3f6732f Bug #54525: twisted 16.6.0-2+deb9u2 doc/errata/staging/twisted.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1190>