Advisory ID: KYLIN-2019-12855
Severity: Moderate
Product: Kylin V3
Release date: July 9, 2019
CVE: CVE-2019-12855
CVSS3 score: 7.4
Overview:
* This issue affects the version of calamari-server (which embeds python-twisted) as shipped with Kylin Ceph Storage 2, as it does not check TLS certificates.
* This issue did not affect the versions of python-twisted-core as shipped with Kylin Gluster Storage 3 and Kylin Ceph Storage 2 and 3, as they do not ship the XMPP XML Stream bits.
This issue affects the versions of python-twisted-words as shipped with Kylin Enterprise Linux 6 and 7.
Kylin Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/.
Description:
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
System versions:
KYLIN 3.2.x
KYLIN 3.3.x
Affected packages:
python-twisted-words
python-twisted-words