A shiro security update has been released for Debian GNU/Linux 9 LTS to address two security issues.
DLA 2273-1: shiro security update
Package : shiro
Version : 1.3.2-1+deb9u1
CVE IDs : CVE-2020-1957 CVE-2020-11989
Debian Bug : #955018
It was discovered that there were two issues in shiro, a security
framework for Java applications:
* CVE-2020-1957: Fix a path-traversal issue where a
specially-crafted request could cause an authentication bypass.
* CVE-2020-11989: Fix an encoding issue introduced in the handling
of the previous CVE-2020-1957 path-traversal issue which itself
could have also caused an authentication bypass.
For Debian 9 "Stretch", these issues have been fixed in shiro version
1.3.2-1+deb9u1.
We recommend that you upgrade your shiro packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS