Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4283-1] ruby-json-jwt security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4283-1] ruby-json-jwt security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4283-1] ruby-json-jwt security update
  • Date: Fri, 31 Aug 2018 21:55:21 +0000
  • List-archive: https://lists.debian.org/msgid-search/20180831215521.lqj7oebaj2tp6pkd AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 31 Aug 2018 21:55:44 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <0HGRkdIM17.A.hgG.glbibB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4283-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 31, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ruby-json-jwt
CVE ID : CVE-2018-1000539

It was discovered that ruby-json-jwt, a Ruby implementation of JSON web
tokens performed insufficient validation of GCM auth tags.

For the stable distribution (stretch), this problem has been fixed in
version 1.6.2-1+deb9u1.

We recommend that you upgrade your ruby-json-jwt packages.

For the detailed security status of ruby-json-jwt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ruby-json-jwt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluJuAsACgkQEMKTtsN8
TjY2vw/9GBrt/9S0UrG4r8RgZq+TquStkLp+vc4SFTn7Ahbky9wIqaO+AJ+MnK5M
MtVQDSpL/OP16S6AAJW3s9Wkb58s0HKa2gc7XQ41y6w7Lkg0yO5wvWRTzPWzIdit
cAf9J0uviWqCfDNxDkxrgoe8vKAhkFhRWm6kUKnsUwS51NN6DOVLjhn9pDYcI9cd
vmYyRdTHJZIIFBUvu9KFRa9BqAupu7G7C1E2NoGyWyv1DjFsHcSdvF0l9+b9BDxp
B+liySB8pHVuVTFp0YciRSGXm1suXdNLUWl4mf/Ie2IVyuI+OTgBrUUAMngrU8TZ
WY/Hi3X53mepm5oaUl8rgJgwRnyE1aqy49kGM7mQWe+b0Bp0YlvEMmO1Z2BD5mMF
kg+ZRYxsca4s3SzI/yUiNxMR0PYtB+486sAO6g305BhmmDb13JxnlPFe/8W/umFn
wIYhW5fRJk6ChkfoZMktpBttkLf7uIB8fSgAWnSfAHPZBeCltbQEXqpIZ9NU1l+U
gy8LuTcWKsdQeQGqkYZ2ygeUshTAny++59EDFZHgTNRjYanCcFBdxgsW8EpFO8m3
CMPezkUb5Schaq7Wq5qWdf8J+rNXHZ0Os+v+frzXnK1UbA6PBD+3awz/xSBg3qei
igmyiJT1oOSFThGzcA02Ktd/ka27ujivYguMH+yVE/DYGiQfZrs=
=DZhD
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4283-1] ruby-json-jwt security update, Moritz Muehlenhoff, 01.09.2018

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang