- ------------------------------------------------------------------------- Debian LTS Advisory DLA-2501-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 20, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : influxdb Version : 1.1.1+dfsg1-4+deb9u1 CVE ID : CVE-2019-20933 An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics. By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. For Debian 9 stretch, this problem has been fixed in version 1.1.1+dfsg1-4+deb9u1. We recommend that you upgrade your influxdb packages. For the detailed security status of influxdb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/influxdb Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Debian LTS: DLA-2501-1: influxdb security update
December 20, 2020
An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics
Summary
Debian LTS Advisory DLA-2501-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz December 20, 2020 https://wiki.debian.org/LTS Version : 1.1.1+dfsg1-4+deb9u1 An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics. By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. For Debian 9 stretch, this problem has been fixed in version 1.1.1+dfsg1-4+deb9u1. We recommend that you upgrade your influxdb packages. For the detailed security status of influxdb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/influxdb Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Severity
Package : influxdb
CVE ID : CVE-2019-20933
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
