it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4943-1] lemonldap-ng security update

From: Salvatore Bonaccorso <carnil AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 4943-1] lemonldap-ng security update
Date: Fri, 23 Jul 2021 05:27:10 +0000
Authentication-results: mail02.piratenpartei.de; dkim=none; spf=none (mail02.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/E1m6niI-00049w-6n AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version :Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=/hhZ6jKR4SVAGgClmMYttD6GPa40damYvyiwD5EFMBs=; b=us FHmxYSqdOQZz8m/xhqEvvdDB8hXVeeTQvnf2AoxLtzAOeWJHvmuIhtxgW0BpZAKsjEK+FQbJeYSV+ QfVzOp2wwkA/qdXSewME6659tJ7Mv/AoB9tNNvpBIXjsLvkJoF8vRXL2pjq1q8crEdzWvdcQ6drcE DIQ37y04s225RcpFtoQ0L+pwZIagMouC8Hnfig8Xvns3oTyZYAbUZWhpUdT75DvvssvjjngsBYhVj 5cuaCkwuMVlHnvyeLMwGzP8VcI6XSP0U5/qk18HNAP33bHVC8QJAmOjGcmrEezvsyhLOGJXbMf+Kv fcCjxXlOsgCJGSmD+Zmysw7A/cIa13EQ==;
Old-return-path: <carnil AT seger.debian.org>
Priority: urgent
Resent-date: Fri, 23 Jul 2021 05:27:29 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <UKwEpKCzC1C.A.66H.BNl-gB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4943-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : lemonldap-ng
CVE ID : CVE-2021-35472

Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO
system. The flaws could result in information disclosure, authentication
bypass, or could allow an attacker to increase its authentication level
or impersonate another user, especially when lemonldap-ng is configured
to increase authentication level for users authenticated via a second
factor.

For the stable distribution (buster), these problems have been fixed in
version 2.0.2+ds-7+deb10u6.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD6Ur1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RETQ/9FvWtqO3n5dFtrmqedUuDUOyOyKGC0mQFYmAcNBS9vwi1tIcO/AjYwvkf
gxC2e4P0MCc8Zn4y8j3sfGIsMGDSsm4848/S3t4zlTjjcJdVxSGSgr+S80rztb8d
/CcpFxzk4+mAHTF0GUPDLKmXR/Ju6dLE4GS4Wd08KQzONsrqNxC2CN3lY4AcrrQj
XsvZT9PS3wAz0sjk3u8fFkRAvCKqk3/eqGNQ1AhkBqdylVVtnGR0Xk8Warhg+pcB
qv5U0cP52PnPcY2ff8qRR2NHwBQOnZArPmTeQSfdwVI9C0cVKeUIOGkozT7FvUVU
Uz4Ut/5Kfv9SK649JVIl4ibyiGGZKkNm/e4exrCx47GB4l5Aq8ai3U8CvtWOtcuh
c0k9D/y5WREJp6mPUYFeG7kz5Wsbdn/pd2Ca6XwPfrg7kpzWmMO8j5IqQKTokdjz
wokmyO5erO10V0dm5GD7of5jWysWZ/sfhHiQGlQixvN2zfkPNYmyqXRUh/L4MOQl
hhwlxu/B1hnJ6tkv1LXcU/pl3EX6VZNwa9fIS8rekLHzb6qGBExFFkTM9RNz+Vf/
O2jYgmk7j8Rlku8ARmnzH3zy+ecQgqiq95hdy2olzFvqZN1GXQwYLVGrlG0ktSTA
z2USa4wcmP8aAtYXu6g3tMG4NfbI5NYTnSTS7livWHiYWPz7u18=
=EfEo
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 4943-1] lemonldap-ng security update, Salvatore Bonaccorso, 23.07.2021

Archiv bereitgestellt durch MHonArc 2.6.24.