Advisory ID: KYLIN-2019-12855
Severity: Moderate
Product: Kylin V3
Release date: July 9, 2019
CVE: CVE-2019-12855
CVSS3 score: 7.4
Overview:
* This issue affects the version of calamari-server (which embeds python-twisted) as shipped with Kylin Ceph Storage 2, as it does not check the TLS certificate.
* This issue did not affect the versions of python-twisted-core as shipped with Kylin Gluster Storage 3 and Kylin Ceph Storage 2 and 3, as they do not ship the XMPP XML Stream bits.

This issue affects the versions of python-twisted-words as shipped with Kylin Enterprise Linux 6 and 7. Kylin Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Kylin Enterprise Linux Life Cycle: https://access.Kylin.com/support/policy/updates/errata/.
Description:
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
System versions:
KYLIN 3.2.x
KYLIN 3.3.x
Affected packages:
python-twisted-words
python-twisted-words
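
The description above concerns TLS that is negotiated without certificate verification. The following check is an added example, not code from this advisory or from the Twisted project: it goes beyond the xmlstream module and scans any Python source for Twisted `CertificateOptions(...)` calls that set no trust root, which produce TLS contexts that do not verify the peer. The function names and the sample source are constructed for illustration.

```python
import ast

# Keywords that give CertificateOptions something to verify the peer against:
# trustRoot is the current spelling, verify (with caCerts) the older one.
VERIFY_KEYWORDS = {"trustRoot", "verify"}

def _enables_verification(kw):
    """True if this keyword turns peer verification on (not a literal None/False)."""
    off = isinstance(kw.value, ast.Constant) and kw.value.value in (None, False)
    return kw.arg in VERIFY_KEYWORDS and not off

def find_unverified_tls_options(source, filename="<source>"):
    """Return sorted (line, call text) for CertificateOptions calls lacking trust settings."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name != "CertificateOptions":
            continue
        if any(kw.arg is None for kw in node.keywords):
            continue  # **kwargs: not decidable statically, review by hand
        if not any(_enables_verification(kw) for kw in node.keywords):
            findings.append((node.lineno, ast.get_source_segment(source, node)))
    return sorted(findings)

# Constructed sample input. It is only parsed, never executed, so Twisted
# does not need to be installed to run this check.
SAMPLE = '''\
from twisted.internet import ssl

def on_proceed(transport):
    transport.startTLS(ssl.CertificateOptions())

def on_proceed_verified(transport, domain):
    transport.startTLS(ssl.optionsForClientTLS(domain))

def on_proceed_private_ca(transport, ca):
    transport.startTLS(ssl.CertificateOptions(trustRoot=ca))
'''

if __name__ == "__main__":
    for line, call in find_unverified_tls_options(SAMPLE):
        print(f"line {line}: {call} sets no trust root; peer certificate is not verified")
```

Verification settings passed positionally are not recognised by this scan, so treat a finding as a prompt for manual review rather than proof.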