-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0023
                         influxdb security update
                              4 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           influxdb
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-20933  

Reference:         ESB-2020.4542
                   ESB-2020.4507
                   ESB-2020.4310

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4823

- --------------------------BEGIN INCLUDED TEXT--------------------

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4823-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 01, 2021                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : influxdb
CVE ID         : CVE-2019-20933

It was discovered that incorrect validation of JWT tokens in InfluxDB,
a time series, metrics, and analytics database, could result in
authentication bypass.

For the stable distribution (buster), this problem has been fixed in
version 1.6.4-1+deb10u1.

We recommend that you upgrade your influxdb packages.

For the detailed security status of influxdb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/influxdb

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================