drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Schlüsseln in ruby-json-jwt
Name: |
Mangelnde Prüfung von Schlüsseln in ruby-json-jwt |
|
ID: |
DSA-4283-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Sa, 1. September 2018, 08:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000539 |
|
Applikationen: |
ruby-json-jwt |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4283-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 31, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : ruby-json-jwt CVE ID : CVE-2018-1000539
It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens performed insufficient validation of GCM auth tags.
For the stable distribution (stretch), this problem has been fixed in version 1.6.2-1+deb9u1.
We recommend that you upgrade your ruby-json-jwt packages.
For the detailed security status of ruby-json-jwt please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ruby-json-jwt
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAluJuAsACgkQEMKTtsN8 TjY2vw/9GBrt/9S0UrG4r8RgZq+TquStkLp+vc4SFTn7Ahbky9wIqaO+AJ+MnK5M MtVQDSpL/OP16S6AAJW3s9Wkb58s0HKa2gc7XQ41y6w7Lkg0yO5wvWRTzPWzIdit cAf9J0uviWqCfDNxDkxrgoe8vKAhkFhRWm6kUKnsUwS51NN6DOVLjhn9pDYcI9cd vmYyRdTHJZIIFBUvu9KFRa9BqAupu7G7C1E2NoGyWyv1DjFsHcSdvF0l9+b9BDxp B+liySB8pHVuVTFp0YciRSGXm1suXdNLUWl4mf/Ie2IVyuI+OTgBrUUAMngrU8TZ WY/Hi3X53mepm5oaUl8rgJgwRnyE1aqy49kGM7mQWe+b0Bp0YlvEMmO1Z2BD5mMF kg+ZRYxsca4s3SzI/yUiNxMR0PYtB+486sAO6g305BhmmDb13JxnlPFe/8W/umFn wIYhW5fRJk6ChkfoZMktpBttkLf7uIB8fSgAWnSfAHPZBeCltbQEXqpIZ9NU1l+U gy8LuTcWKsdQeQGqkYZ2ygeUshTAny++59EDFZHgTNRjYanCcFBdxgsW8EpFO8m3 CMPezkUb5Schaq7Wq5qWdf8J+rNXHZ0Os+v+frzXnK1UbA6PBD+3awz/xSBg3qei igmyiJT1oOSFThGzcA02Ktd/ka27ujivYguMH+yVE/DYGiQfZrs= =DZhD -----END PGP SIGNATURE-----
|
|
|
|