Login
Newsletter
Werbung
Sicherheit: Mangelnde Rechteprüfung in libspring-ldap-java
Aktuelle Meldungen Distributionen
Name: Mangelnde Rechteprüfung in libspring-ldap-java
ID: DSA-4046-1
Distribution: Debian
Plattformen: Debian jessie
Datum: Do, 23. November 2017, 00:10
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8028

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4046-1                   security@debian.org
https://www.debian.org/security/                       Sebastien Delafond
November 22, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libspring-ldap-java
CVE ID         : CVE-2017-8028

Tobias Schneider discovered that libspring-ldap-java, a Java library
for Spring-based applications using the Lightweight Directory Access
Protocol, would under some circumstances allow authentication with a
correct username but an arbitrary password.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.1.RELEASE-5+deb8u1.

We recommend that you upgrade your libspring-ldap-java packages.

For the detailed security status of libspring-ldap-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libspring-ldap-java

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloVtEUACgkQEL6Jg/PV
nWSbSgf/aBFHoKWTrjUx9W++O+Fc7Or0ZqMYZgHRTmWxorIRL+QT18jxVYYwnKfe
JLvjuX68foYcS9oArbcNbafYWgjkRVZZCA05+RT8ws0c4qC4/0Gf909jn/7iUCp1
4bLdLNYrTm5rkk2a1iNOu7GDAo5bTanj/0uZVKp78U9mn3bJkzjy+TUSAe9Aw/fa
pBAGlIJfp7PSTB1BHjaW2cHActuTOKQyT9rN33GFK3lX40TqMesyOL7mZiJtBJ/C
+YtlrdHHL8uuQA9Fg6LMEzwMBOtmtgvaN6yVpn80BZSQ6nsL+r+xQRutGPup1Gq0
xaYT8ClXlaYknaKtTbZ6dJMdmvz4Bg==
=4Vlo
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten

1
Linux Foun­da­ti­on stellt Kon­fe­renz­plan 2018 vor

2
Ker­nel-Up­dates für Ubu­ntu 14.04, 16.04 und 17.04

0
OpenMan­d­ri­va stellt 32-Bit ein

0
Ana­ly­sel­ö­s­ung »Ma­ri­aDB AX« vor­ge­stellt

2
Spar­kyLi­nux 4.7 ak­tua­li­siert Sys­tem

6
Raspber­ry Pi Sli­de­show ak­tua­li­siert

2
OTRS 6 frei­ge­ge­ben

0
Su­per­Tu­xKart 0.9.3 mit zahl­rei­chen Neue­run­gen

31
Ubu­ntu 18.04 LTS soll Gno­me-Apps als Snaps brin­gen

1
OpenBSD ver­stei­gert hand­si­gnier­tes CD-Set
 
Werbung