Debian Long Term Support / LTS Security Information / 2021 / Security Information -- DLA-2726-1 shiro

Debian Security Advisory

DLA-2726-1 shiro -- LTS security update

Date Reported:

02 Aug 2021

Affected Packages:

shiro

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 968753.
In Mitre's CVE dictionary: CVE-2020-13933, CVE-2020-17510.

More information:

It was discovered that there were two issues in shiro, a security framework for Java applications:

• CVE-2020-13933

  Fix an authentication bypass resulting from a specially crafted HTTP request.

• CVE-2020-17510

  Fix an authentication bypass resulting from a specially crafted HTTP request.

For Debian 9 stretch, these problems have been fixed in version 1.3.2-1+deb9u2.

We recommend that you upgrade your shiro packages.

For the detailed security status of shiro please refer to its security tracker page at: https://security-tracker.debian.org/tracker/shiro

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS