Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4446-1] lemonldap-ng security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4446-1] lemonldap-ng security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4446-1] lemonldap-ng security update
  • Date: Tue, 14 May 2019 21:20:29 +0000
  • List-archive: https://lists.debian.org/msgid-search/20190514212029.56f3szgras5pmaqg AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 14 May 2019 21:20:49 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <17w75QOWyVL.A.NBF.xEz2cB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4446-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
May 14, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lemonldap-ng
CVE ID : CVE-2019-12046

It was discovered that the Lemonldap::NG web SSO system performed
insuffient validation of session tokens if the "tokenUseGlobalStorage"
option is enabled, which could grant users with access to the main
session database access to an anonymous session.

For the stable distribution (stretch), this problem has been fixed in
version 1.9.7-3+deb9u1.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzbL3AACgkQEMKTtsN8
TjZnyg/+OgtJMGgRLtuAlYm5vWJmmxwqw+Yqyvl9FHBI535Yfr5/F6b7cvXfn4A2
L0bSKYceLUmXT0D+8EIp6DxhhOiEEs5ME4PhboX4MJT79ln8CqCxngLmgTX4bh2T
kc5uEEkJoHwNf15vi1HIRPiRtv8f0gTFGZa9yAhR6XqrdqMLGtTYwR338r1wPr65
0gcGFNgUCL/JoI+QZSE5QyN/pseAiO32YbP4WkoIOukWlYanYQht4R2hQePU9b+p
tghcXyBEQ3Z2Z1F+SirkuIDuYOhPD3Uws+8cLVhX/CnVdjqDMc83kwSqBt6t1EEb
SGToAYXuIReR7MVZ6aBaEgkdFEouyvBh8JtlLAnm7CC0VLkG50cTOCHQjczezT/F
7YcdQ1EksXoa9IWb35PrmiLPw7iKnrTaIFfFH1+hJPjHst5QJ6pzwM4kDfY77Tpd
+RjgPDRo+1sYBHSqG26dWhkuqNXNjr3AMl3G+IZXdBy7LIiRvsV5fN6SZaGCNOhd
mtiJPtUxBigpNKtzkg0R72Jp9bOaYE8jqHdQfnOdtYiy2Kn+F7kwgm+dEfvMqHU8
rhBREAIf66DoXZGPZR7WH+8rLLyQgpq4qsEq2fTQZygpCUDBE4EXhEU4l+3jvFuH
9q00FcRAlT/u9rRqmTv0Z825zRztrdUasq/xrAQeOwJk0QFhJfU=
=SGxM
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4446-1] lemonldap-ng security update, Moritz Muehlenhoff, 14.05.2019

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang