diff options
author | Chris Lamb <lamby@debian.org> | 2023-11-07 12:06:37 +0000 |
---|---|---|
committer | Chris Lamb <lamby@debian.org> | 2023-11-07 12:06:37 +0000 |
commit | e300c9a7f61d2627877ef784fe23f192b11d781c (patch) | |
tree | d874021093c6c5c0a843e92e27f34ae320295334 /english/lts | |
parent | c6667e635c97353cbb0afee817a9b0ec2b448a02 (diff) |
Add DLA-3648-1 for tang.
Diffstat (limited to 'english/lts')
-rw-r--r-- | english/lts/security/2023/dla-3648.data | 9 | ||||
-rw-r--r-- | english/lts/security/2023/dla-3648.wml | 32 |
2 files changed, 41 insertions, 0 deletions
diff --git a/english/lts/security/2023/dla-3648.data b/english/lts/security/2023/dla-3648.data new file mode 100644 index 00000000000..9c9aba2e9b7 --- /dev/null +++ b/english/lts/security/2023/dla-3648.data @@ -0,0 +1,9 @@ +<define-tag pagetitle>DLA-3648-1 tang</define-tag> +<define-tag report_date>2023-11-07</define-tag> +<define-tag secrefs>CVE-2023-1672</define-tag> +<define-tag packages>tang</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security diff --git a/english/lts/security/2023/dla-3648.wml b/english/lts/security/2023/dla-3648.wml new file mode 100644 index 00000000000..616f1652d6d --- /dev/null +++ b/english/lts/security/2023/dla-3648.wml @@ -0,0 +1,32 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> + +<p>It was discovered that there was a race condition in Tang, a network-based +cryptographic binding server. This flaw resulted in a small time window whereby +newly-generated private keys were readable by other processes on the same +machine.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-1672">CVE-2023-1672</a> + + <p>A race condition exists in the Tang server functionality for key + generation and key rotation. This flaw results in a small time window where + Tang private keys become readable by other processes on the same + host.</p></li> + +</ul> + +<p>For Debian 10 <q>Buster</q>, this problem has been fixed in version +7-1+deb10u2.</p> + +<p>We recommend that you upgrade your tang packages.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2023/dla-3648.data" +# $Id: $ |