===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2022.4923
                         barbican security update
                              5 October 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           barbican
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-3100

Original Bulletin:
   https://www.debian.org/lts/security/2022/dla-3136

Comment: CVSS (Max):  7.1 CVE-2022-3100 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3136-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 04, 2022                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : barbican
Version        : 1:7.0.0-1+deb10u1
CVE ID         : CVE-2022-3100

It was found that Barbican, a service for secret management and storage,
was vulnerable to access bypass via query string injection.

For Debian 10 buster, this problem has been fixed in version
1:7.0.0-1+deb10u1.

We recommend that you upgrade your barbican packages.

For the detailed security status of barbican please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/barbican

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================