drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in rt-authen-externalauth
Name: |
Mehrere Probleme in rt-authen-externalauth |
|
ID: |
DSA-3883-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie |
|
Datum: |
Do, 15. Juni 2017, 23:09 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5361 |
|
Applikationen: |
rt-authen-externalauth |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3883-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : rt-authen-externalauth CVE ID : CVE-2017-5361
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI (database) mode is vulnerable.
For the stable distribution (jessie), this problem has been fixed in version 0.25-1+deb8u1.
We recommend that you upgrade your rt-authen-externalauth packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllC2qdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SsOg//dmVtGlck+r2bWu+knFJgpfZEzfsUGQplU/6V7wNs0/ezY8d9+v1Ko2H6 ltqLLABZ6DqwavWjyq35tfSbgCekjzg5wXRtABn/ZCkdfb7uWqgelz+VXjUJmmV0 IyykLFa375rP0v5hoUpd7fTuWbtOuHZEPXYhV7ZGQ9LJCmiW85J6NRnIPhjXQKxO wm09vBDHlE6BKwOEp30Owfbg/ieOzH/LaEz3xIDoZEIDQP0Hr6GhY/sbH6OxbhLa /2Z4yP36KZuOWWNQ4VDQs5ofdN2zCk/dhxhhs+tlzKUaoaeA+1LptFGFHJiEhOHo af8xZ+ACYITZsfJdzzcZxUX44PKGsptvTPTw8oz0hO/wpWw9rH6BrMznjferrAhY 89XNB6hcbo3YiEjsoSvYNDuYuVeTmbhNh71dfKl6EV6q5DesDKf8E2BDUDB1WTky MqO9YxkxcG9F50jNnSYKoN8xnumr1LfoSUaKJpFq8JmmWpkh35Umo8a/bKHkrP4j 7E7fzjihlIGnk0x62veYJO7opodzwzpZAyGiwwFH/+f/9jxdaTb8T/Sa8vBYOo0T esjcJQTtKJrN1uzQDnzNwVpLUIvSKIpKTu/4+oX9NXEkMY36t5cw0YyvQPVMkBDB n/irHszGyNZu5uBmU6dnMUfRQQGaflB0pR9mCaV8YfiHVuAeA8k= =joGp -----END PGP SIGNATURE-----
|
|
|
|