最新バージョンのpython-twisted-web が、Red Hat Enterprise Linux 6 / 7からご利用いただけるようになりました。
今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。
Twisted is an event-based framework for internet applications. Twisted Web is a
complete web server, aimed at hosting web applications using Twisted and Python,
but fully able to serve static pages too.
* It was discovered that python-twisted-web used the value of the Proxy header
from HTTP requests to initialize the HTTP_PROXY environment variable for CGI
scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A remote
attacker could possibly use this flaw to redirect HTTP requests performed by a
CGI script to an attacker-controlled proxy via a malicious HTTP request.
Note: After this update, python-twisted-web will no longer pass the value of the
Proxy request header to scripts via the HTTP_PROXY environment variable.
Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.
1357345 – CVE-2016-1000111 Python Twisted: sets environmental variable based on user supplied Proxy request header
The kmod-lpfc packages contain the Emulex LightPulse Fibre Channel SCSI driver kernel module, which adds official support for the lpfc devices. The PCI ID supported by this package is 10DF:E300.
The kernel modules delivered by this erratum have been made available as part of the Red Hat Driver Update Program, which provides updated kernel
modules that add support for selected devices in advance of the next Red Hat Enterprise Linux minor update release. We strongly recommend that
these kernel modules be only used when it is necessary to enable the specific hardware mentioned in this erratum. Partners and customers
should continue to use the driver that is shipped in the latest Red Hat Enterprise Linux kernel for all other devices that require this driver.
All users who require kmod-lpfc are advised to install these new packages.