it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5144-1] condor security update

From: Markus Koschany <apo AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5144-1] condor security update
Date: Sun, 22 May 2022 20:22:48 +0000
List-archive: https://lists.debian.org/msgid-search/20220522202248.GA11773 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=DX++ZiU5znM+XvXLV+riSiqeAyoqL+ipNJzLgeJkXVw=; b=ie RHaAVTRTElhHCPoW01FxYCkqrYp38F+kJ2rD3vZyNRkp5poE0t88ydE+qUoFCC9Cbk8Dgw9zut1ay l8ut/Qr/qWPcSQA/9IomNQZ/GYm9M5/MFEitnUdxPNRMKhEZJakW9OFkBUIaoGT3VGaClaooPo5PO q1GCME8ekH4OIq3mzkV5Rl32kmikLRCE//Z1zae0A9A41ArHfsZ7Egj1iz9efoxFVyUxJHJDfjfRk Z9A8bxSGy7pyi/gUMqWV+TnoXXaZfntxwKdcrg8k1JQ9DzAZll6LZjlzweui3e8Z6bmZ0WPesUpcJ o9ARB6O1POaEfus+//Bqv40JkyNseQxQ==;
Old-return-path: <apo AT seger.debian.org>
Priority: urgent
Resent-date: Sun, 22 May 2022 20:39:10 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <nobxv-jRebO.A.loC.t9piiB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5144-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
May 22, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : condor
CVE ID : CVE-2019-18823 CVE-2022-26110
Debian Bug : 963777 1008634

Several flaws have been discovered in HTCondor, a distributed workload
management system, which allow users with only READ access to any daemon to
use
a different authentication method than the administrator has specified. If the
administrator has configured the READ or WRITE methods to include CLAIMTOBE,
then it is possible to impersonate another user and submit or remove jobs.

For the oldstable distribution (buster), these problems have been fixed
in version 8.6.8~dfsg.1-2+deb10u1.

We recommend that you upgrade your condor packages.

For the detailed security status of condor please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/condor

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKKmudfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQULhAAkWzFscqLmOmYG6ceWoRYpVGADM3iidhVRA0DPSPMMFuuKiSO6frXkA7u
fmP3JHIpdq8CnZ+dooPXRkjSeSYfKTtXzm3h9RBxafNWtdAy7ynKHvfax2OlhlP8
9RxLxiYsie2NXhB/L3lDvDpvGyoOlw6PER6ZVEUVsFAg7ryhUkmcrr+JFYM44/on
5KtfQbQ3hWSNMn6SMVvaAZBYeoAGaRfCMPpY4SxRlecL9PouW91+uXFUl9kH3As7
LJT3z8jxtOF/XY4u7gCsdXJINAxdc5M54yz8AwPvuDSWaTVtlUCchKY/Tg6+Upam
AA3TjoYZK/dqHP5/aSogyC7r/BEbe3EXWuSa+9s57XzTcL5Hs53d6jPYqc7t6m33
yXeDuJkxi55tHWvb6I3GmaKcN1R4Cq/J3sTlSMBoh3ixUPManfzhZT+drZJ22cKJ
wzcs1ZxnwDTKGDR4WGOSsrdbgc7cpzVEPC7T20XU+K0gjseRwu1sJQqs4v9mFuah
uxeXHpJlaaeh/ITzGolprST6jzSrZ78XtNTIBxLVi9MGXfRM9ezPhyL3y4wtYZHe
O3SS4xW4g4XKfMFErBnYmJR7TmH6bez3r7dMjAXfStVsUPsySkSKTu9Vp6csbbRw
8NuvpZl+/DPgwjMnizIvCYCE155fLQFY58eJBX5eGjlV/jrc4H8=
=qbdZ
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5144-1] condor security update, Markus Koschany, 22.05.2022

Archiv bereitgestellt durch MHonArc 2.6.24.