[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 3883-1] rt-authen-externalauth security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3883-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
June 15, 2017                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : rt-authen-externalauth
CVE ID         : CVE-2017-5361

It was discovered that RT::Authen::ExternalAuth, an external
authentication module for Request Tracker, is vulnerable to timing
side-channel attacks for user passwords. Only ExternalAuth in DBI
(database) mode is vulnerable.

For the stable distribution (jessie), this problem has been fixed in
version 0.25-1+deb8u1.

We recommend that you upgrade your rt-authen-externalauth packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllC2qdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SsOg//dmVtGlck+r2bWu+knFJgpfZEzfsUGQplU/6V7wNs0/ezY8d9+v1Ko2H6
ltqLLABZ6DqwavWjyq35tfSbgCekjzg5wXRtABn/ZCkdfb7uWqgelz+VXjUJmmV0
IyykLFa375rP0v5hoUpd7fTuWbtOuHZEPXYhV7ZGQ9LJCmiW85J6NRnIPhjXQKxO
wm09vBDHlE6BKwOEp30Owfbg/ieOzH/LaEz3xIDoZEIDQP0Hr6GhY/sbH6OxbhLa
/2Z4yP36KZuOWWNQ4VDQs5ofdN2zCk/dhxhhs+tlzKUaoaeA+1LptFGFHJiEhOHo
af8xZ+ACYITZsfJdzzcZxUX44PKGsptvTPTw8oz0hO/wpWw9rH6BrMznjferrAhY
89XNB6hcbo3YiEjsoSvYNDuYuVeTmbhNh71dfKl6EV6q5DesDKf8E2BDUDB1WTky
MqO9YxkxcG9F50jNnSYKoN8xnumr1LfoSUaKJpFq8JmmWpkh35Umo8a/bKHkrP4j
7E7fzjihlIGnk0x62veYJO7opodzwzpZAyGiwwFH/+f/9jxdaTb8T/Sa8vBYOo0T
esjcJQTtKJrN1uzQDnzNwVpLUIvSKIpKTu/4+oX9NXEkMY36t5cw0YyvQPVMkBDB
n/irHszGyNZu5uBmU6dnMUfRQQGaflB0pR9mCaV8YfiHVuAeA8k=
=joGp
-----END PGP SIGNATURE-----


Reply to: