-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Architecture: source Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: HTCondor Developers <condor-debian@cs.wisc.edu> Changed-By: Markus Koschany <apo@debian.org> Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: 91ca41adaa5e672ff353e3e637868bac7e5f4c89 3129 condor_8.6.8~dfsg.1-2+deb10u1.dsc 1860085fdcc03d25851bbaa32f9562cbb219606a 10532736 condor_8.6.8~dfsg.1.orig.tar.gz 2e3ee6d6e64cbcc074fedf5fc3f953a8b5479b12 82648 condor_8.6.8~dfsg.1-2+deb10u1.debian.tar.xz edcd0afd9cdb8bd157bb9bfb6caec2b4ed00946b 17347 condor_8.6.8~dfsg.1-2+deb10u1_source.buildinfo Checksums-Sha256: e5b22a3c2473bc9a78bc8b1e3b92cf4b43fbc75b352ea0bcb97c9d731fb796bd 3129 condor_8.6.8~dfsg.1-2+deb10u1.dsc 6d696a09d94fb55765593aa08628bd1170cbb687775d00f12c309b6af83c7356 10532736 condor_8.6.8~dfsg.1.orig.tar.gz 2db4fe73415e5ad67b7251106c02cf6ba572baa39280152c518694c1cdd49409 82648 condor_8.6.8~dfsg.1-2+deb10u1.debian.tar.xz c2411e14e1d0d595b6ea3adc8aacabc300e7392204a4e5cc12e53135a5c6d682 17347 condor_8.6.8~dfsg.1-2+deb10u1_source.buildinfo Files: a237d2042d166ea8771f11529a5e01dd 3129 science extra condor_8.6.8~dfsg.1-2+deb10u1.dsc 4ebe1e0f25048804cacb29232103dc0c 10532736 science extra condor_8.6.8~dfsg.1.orig.tar.gz b09f3e434bb70112f737dce7e6b1d397 82648 science extra condor_8.6.8~dfsg.1-2+deb10u1.debian.tar.xz 764a6686460fcada28d9be23d237c905 17347 science extra condor_8.6.8~dfsg.1-2+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKKUzxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkZTMP/3gK6pnjrQ+a1bwiXl+3DK5sVy3PbM4cafpd jExgDSI0nZ3cFKF8vtGLS2uCn8eP6IdRCSE6qZAgpTTpn4luG6qHJDOM2ARF9h7r 0bhlt7oX0cToRX0XLwYLJQI5CWnbgeqGotg5zolQmFT9LTlwCnHok0wyulTts0LL qKUVoYwUWepmvEGpc19zCCKzh3LTQoKvJMNGqcd9g3+U0I8A21rzoAIXuSV3lEih 2Ak5yfs5VijZJpT6rWQ7aY5lD6zJqf1UeHB15G6HZhFtarEYkCD87euwORx0ipqu Srckk0GYo81YCFur6fSJnD3ZFa15I1TZObp5eQjcqaSbkxATEfzOR4r7P5LPNXeo pQTbkQwM01ab6hmQ1FrdvRdoOp3acqN1qO6Orxlm4HSMAh3RVzUzgNQ8GFZNMLnI ufePQYz0BBe4vNKwnhgQEXShzKQ2HfpFXsBALGPYE9PbYkOblsyxmhWKX5r1c3oB MbymFC2sl3BSfi7wBNC+FvJDx+LOR6/gXmBQQTdRxbckgf0vzTrc/Hg1EwKGN4MY x4KXQAWN14anCfw4wl1TWmkQXE2jWwnJJqeqLNnCtHLW0sE4+m9b/J8/abIaQMtX +b724himfmL8OnJaz0jBQ9zQSDeY6Q/jDE9T+eIqU33Oc2omHMk1XNZ5RGaslvTk OQtFxvDE =98Nd -----END PGP SIGNATURE-----