-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
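- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2501-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
December 20, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
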
Package        : influxdb
Version        : 1.1.1+dfsg1-4+deb9u1
CVE ID         : CVE-2019-20933

An issue has been found in influxdb, a scalable datastore for metrics,
events, and real-time analytics.

By using a JWT token with an empty shared secret, one is able to bypass
authentication in services/httpd/handler.go.
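
The failure mode described above, as an added example that is not InfluxDB's handler.go code: an HMAC-only token check accepts any token when the configured shared secret is empty, and a hardened check refuses to authenticate in that case. HS256, all function names and the sample token are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var ErrEmptySecret = errors.New("jwt: shared secret is empty, refusing to authenticate")

// sign returns the base64url HS256 signature over the "header.payload" input.
func sign(signingInput string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// verifyNaive (hypothetical) checks only the HMAC; an empty secret is a key every caller knows.
func verifyNaive(token string, secret []byte) bool {
	i := strings.LastIndex(token, ".")
	if i < 0 {
		return false
	}
	return hmac.Equal([]byte(token[i+1:]), []byte(sign(token[:i], secret)))
}

// verifyHardened (hypothetical) fails closed when no shared secret is configured.
func verifyHardened(token string, secret []byte) (bool, error) {
	if len(secret) == 0 {
		return false, ErrEmptySecret
	}
	return verifyNaive(token, secret), nil
}

// sampleToken builds a constructed token (made-up claims) signed with the given secret.
func sampleToken(secret []byte) string {
	enc := base64.RawURLEncoding.EncodeToString
	in := enc([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc([]byte(`{"username":"example","exp":4102444800}`))
	return in + "." + sign(in, secret)
}

func main() {
	tok := sampleToken(nil) // constructed: signed with the empty key
	fmt.Println("naive, empty secret:", verifyNaive(tok, nil))
	fmt.Println(verifyHardened(tok, nil))
	fmt.Println(verifyHardened(tok, []byte("constructed-secret")))
}
```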

For Debian 9 stretch, this problem has been fixed in version
1.1.1+dfsg1-4+deb9u1.

We recommend that you upgrade your influxdb packages.

For the detailed security status of influxdb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/influxdb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-BEGIN PGP SIGNATURE-
-END PGP SIGNATURE-