===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0023
                          influxdb security update
                               4 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           influxdb
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-20933

Reference:         ESB-2020.4542
                   ESB-2020.4507
                   ESB-2020.4310

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4823

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4823-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 01, 2021                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : influxdb
CVE ID         : CVE-2019-20933

It was discovered that incorrect validation of JWT tokens in InfluxDB,
a time series, metrics, and analytics database, could result in
authentication bypass.

For the stable distribution (buster), this problem has been fixed in
version 1.6.4-1+deb10u1.

We recommend that you upgrade your influxdb packages.

For the detailed security status of influxdb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/influxdb

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================