drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in lemonldap-ng
Name: |
Mehrere Probleme in lemonldap-ng |
|
ID: |
DSA-4943-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Fr, 23. Juli 2021, 07:36 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35472 |
|
Applikationen: |
LemonLDAP::NG |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4943-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2021 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : lemonldap-ng CVE ID : CVE-2021-35472
Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a second factor.
For the stable distribution (buster), these problems have been fixed in version 2.0.2+ds-7+deb10u6.
We recommend that you upgrade your lemonldap-ng packages.
For the detailed security status of lemonldap-ng please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lemonldap-ng
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD6Ur1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RETQ/9FvWtqO3n5dFtrmqedUuDUOyOyKGC0mQFYmAcNBS9vwi1tIcO/AjYwvkf gxC2e4P0MCc8Zn4y8j3sfGIsMGDSsm4848/S3t4zlTjjcJdVxSGSgr+S80rztb8d /CcpFxzk4+mAHTF0GUPDLKmXR/Ju6dLE4GS4Wd08KQzONsrqNxC2CN3lY4AcrrQj XsvZT9PS3wAz0sjk3u8fFkRAvCKqk3/eqGNQ1AhkBqdylVVtnGR0Xk8Warhg+pcB qv5U0cP52PnPcY2ff8qRR2NHwBQOnZArPmTeQSfdwVI9C0cVKeUIOGkozT7FvUVU Uz4Ut/5Kfv9SK649JVIl4ibyiGGZKkNm/e4exrCx47GB4l5Aq8ai3U8CvtWOtcuh c0k9D/y5WREJp6mPUYFeG7kz5Wsbdn/pd2Ca6XwPfrg7kpzWmMO8j5IqQKTokdjz wokmyO5erO10V0dm5GD7of5jWysWZ/sfhHiQGlQixvN2zfkPNYmyqXRUh/L4MOQl hhwlxu/B1hnJ6tkv1LXcU/pl3EX6VZNwa9fIS8rekLHzb6qGBExFFkTM9RNz+Vf/ O2jYgmk7j8Rlku8ARmnzH3zy+ecQgqiq95hdy2olzFvqZN1GXQwYLVGrlG0ktSTA z2USa4wcmP8aAtYXu6g3tMG4NfbI5NYTnSTS7livWHiYWPz7u18= =EfEo -----END PGP SIGNATURE-----
|
|
|
|