Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3883-1] rt-authen-externalauth security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3883-1] rt-authen-externalauth security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3883-1] rt-authen-externalauth security update
  • Date: Thu, 15 Jun 2017 19:07:04 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1dLa6i-0007bB-N4 AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 15 Jun 2017 19:07:30 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <US9LWpkyFxJ.A.cUD.prtQZB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3883-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 15, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : rt-authen-externalauth
CVE ID : CVE-2017-5361

It was discovered that RT::Authen::ExternalAuth, an external
authentication module for Request Tracker, is vulnerable to timing
side-channel attacks for user passwords. Only ExternalAuth in DBI
(database) mode is vulnerable.

For the stable distribution (jessie), this problem has been fixed in
version 0.25-1+deb8u1.

We recommend that you upgrade your rt-authen-externalauth packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllC2qdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SsOg//dmVtGlck+r2bWu+knFJgpfZEzfsUGQplU/6V7wNs0/ezY8d9+v1Ko2H6
ltqLLABZ6DqwavWjyq35tfSbgCekjzg5wXRtABn/ZCkdfb7uWqgelz+VXjUJmmV0
IyykLFa375rP0v5hoUpd7fTuWbtOuHZEPXYhV7ZGQ9LJCmiW85J6NRnIPhjXQKxO
wm09vBDHlE6BKwOEp30Owfbg/ieOzH/LaEz3xIDoZEIDQP0Hr6GhY/sbH6OxbhLa
/2Z4yP36KZuOWWNQ4VDQs5ofdN2zCk/dhxhhs+tlzKUaoaeA+1LptFGFHJiEhOHo
af8xZ+ACYITZsfJdzzcZxUX44PKGsptvTPTw8oz0hO/wpWw9rH6BrMznjferrAhY
89XNB6hcbo3YiEjsoSvYNDuYuVeTmbhNh71dfKl6EV6q5DesDKf8E2BDUDB1WTky
MqO9YxkxcG9F50jNnSYKoN8xnumr1LfoSUaKJpFq8JmmWpkh35Umo8a/bKHkrP4j
7E7fzjihlIGnk0x62veYJO7opodzwzpZAyGiwwFH/+f/9jxdaTb8T/Sa8vBYOo0T
esjcJQTtKJrN1uzQDnzNwVpLUIvSKIpKTu/4+oX9NXEkMY36t5cw0YyvQPVMkBDB
n/irHszGyNZu5uBmU6dnMUfRQQGaflB0pR9mCaV8YfiHVuAeA8k=
=joGp
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3883-1] rt-authen-externalauth security update, Salvatore Bonaccorso, 15.06.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang