Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in Apache Shiro
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Apache Shiro
ID: USN-4740-1
Distribution: Ubuntu
Plattformen: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
Datum: Do, 18. Februar 2021, 23:59
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957
Applikationen: Apache Shiro

Originalnachricht


--===============6834374909019677595==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="lgck7lzpa3hyw5o6"
Content-Disposition: inline


--lgck7lzpa3hyw5o6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

==========================================================================
Ubuntu Security Notice USN-4740-1
February 18, 2021

shiro vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Apache Shiro could be made to crash if it received specially crafted
input.

Software Description:
- shiro: Powerful and easy-to-use Java security framework

Details:

It was discovered that Apache Shiro mishandled specially crafted requests. An
attacker could use this vulnerability to bypass authentication mechanisms.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libshiro-java 1.3.2-4ubuntu0.1

Ubuntu 18.04 LTS:
libshiro-java 1.3.2-3~18.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4740-1
CVE-2020-11989, CVE-2020-1957

Package Information:
https://launchpad.net/ubuntu/+source/shiro/1.3.2-4ubuntu0.1
https://launchpad.net/ubuntu/+source/shiro/1.3.2-3~18.04.1

--lgck7lzpa3hyw5o6
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEkCdEQ5T6DutSveCybUp5kL3izGYFAmAu6uIACgkQbUp5kL3i
zGbk2Q//YC5G7MhiruI8dg3C16cM/1YJRYFKEDtiYlc858lSmdDZyrspvhES+7M5
OIv18GUT95s85w2nKD3+6rJWXrMoaP0vK1dYAvhlH8I/yMxUfaSz6Sg+/aRfQzfW
Vllfe+jcSS7oAFsPHh/p68v2EatxdrhMj5T5jtfFIMzP4DGluTc/Ut6cvQ0vsOO3
fCNsSa/0GzDkCQz9LLQSZdoMieNCjsh5FDqSRR9hbCjmJha6asQGv71qWm7s6+LT
JcEKgrxU136rTKCKBo2wraJc32GyIaXd+5w0mQqQqSPfZIg+RjnxztcRWBp8tomD
qkigCkgUZvc02yxDL2BXFrEY3zogK3nIUR/K+kKR9c0ggcDLuV8izO5+0JYWKw+v
kxxiNIqAehLX/KhiLNA1elWXbxXkKO9cUC2aYhFsETAUNRGxfdby7YqBDGYxaCkZ
Hph5wz6BlsXjTRext2DgN77JKzNX0nGy6UeOf3Cq5n4V8AbBtkFKg2EWyWrv/T1H
7xFfSHBW9NFBpa74XEs20fRfHa02yGxkTqxBjZDOWAeECXJiew+F2EiFUTty52hN
d9j4MGhoTqoSzZV3SwzAEW5HgPXsQeXliY3fJr65olMqEhl6f30TfwJezv3lmwNn
oluK4ABn12vOmIkTnGClPdWmSouF+8EAr/rA5BfkwXhdM+IPofA=
=Vhe6
-----END PGP SIGNATURE-----

--lgck7lzpa3hyw5o6--


--===============6834374909019677595==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung