ALAS-2020-1372


Amazon Linux AMI Security Advisory: ALAS-2020-1372
Advisory Release Date: 2020-05-22 20:57 Pacific
Advisory Updated Date: 2020-06-03 17:20 Pacific
Severity: Important
References: CVE-2020-10108 

Issue Overview:

In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.(CVE-2020-10108 )


Affected Packages:

python-twisted-web


Issue Correction:
Run yum update python-twisted-web to update your system.

New Packages:
i686:
    python27-twisted-web-8.2.0-6.6.amzn1.i686
    python26-twisted-web-8.2.0-6.6.amzn1.i686

src:
    python-twisted-web-8.2.0-6.6.amzn1.src

x86_64:
    python26-twisted-web-8.2.0-6.6.amzn1.x86_64
    python27-twisted-web-8.2.0-6.6.amzn1.x86_64