Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3679-1] jackrabbit security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3679-1] jackrabbit security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Florian Weimer <fw AT deneb.enyo.de>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3679-1] jackrabbit security update
  • Date: Tue, 27 Sep 2016 12:34:00 +0200
  • List-archive: https://lists.debian.org/msgid-search/87bmz9zl5z.fsf AT mid.deneb.enyo.de
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <fw AT deneb.enyo.de>
  • Priority: urgent
  • Resent-date: Tue, 27 Sep 2016 10:34:16 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <AI4r3eRkqSE.A.jqD.osk6XB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3679-1 security AT debian.org
https://www.debian.org/security/ Florian Weimer
September 27, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : jackrabbit
CVE ID : CVE-2016-6801
Debian Bug : 838204

Lukas Reschke discovered that Apache Jackrabbit, an implementation of
the Content Repository for Java Technology API, did not correctly
check the Content-Type header on HTTP POST requests, enabling
Cross-Site Request Forgery (CSRF) attacks by malicious web sites.

For the stable distribution (jessie), this problem has been fixed in
version 2.3.6-1+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 2.12.4-1.

We recommend that you upgrade your jackrabbit packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJX6lXSAAoJEL97/wQC1SS+f+oH/j2icJdtA6mPaV8zohFFG00H
KiU6pFyh/9bLyFOHhtKmBK4ykFGgd4ViQBqlCxig+o/LuL9z3Pj7uORv/2zLE2gq
UFWCIs1Faiy63KpeabeeFDAEvqhLkH6cEGc9QBxbQeaDRr6rJrVlJubnu8nkJLEa
bMILBwxIt2kTE0xvZdm0OX7SzLLf8JwJA48RmK5D7rrxV4vJa7MQD1GMJTdYQsx5
TNCwdrajrqi9NF7yrMwGdvhdv7x7yr5fPT+X7YNdkM6AGxsMojjI0iPA+caREUea
Imd6Hz3rGIyahqQjhphQBKfZcepX2YrZ8w3kWSD+W9rC9ckyuEE/uRf/udc2IV8=
=+KOg
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3679-1] jackrabbit security update, Florian Weimer, 27.09.2016

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang