CVE-2017-5361 in Ubuntu

CVE-2017-5361

Priority

Description

Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x
before 4.4.2 does not use a constant-time comparison algorithm for secrets,
which makes it easier for remote attackers to obtain sensitive user
password information via a timing side-channel attack.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5361

Notes

Package

Source: request-tracker4 (LP Ubuntu Debian)

Upstream:	released (4.4.1-4)
Ubuntu 18.04 LTS:	not-affected (4.4.1-4)
Ubuntu 20.04 LTS:	not-affected (4.4.1-4)
Ubuntu 21.10:	not-affected (4.4.1-4)
Ubuntu 22.04 LTS:	not-affected (4.4.1-4)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Package

Source: rt-authen-externalauth (LP Ubuntu Debian)

Upstream:	released (0.10-4+deb7u1, 0.25-1+deb8u1)
Ubuntu 18.04 LTS:	DNE
Ubuntu 20.04 LTS:	DNE
Ubuntu 21.10:	DNE
Ubuntu 22.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

Upstream:

https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9

More Information

Updated: 2022-04-25 00:21:35 UTC (commit ecc1009cb19540b950de59270950018900f37f15)