1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4943-1] lemonldap-ng security update

    From Salvatore Bonaccorso@21:1/5 to All on Fri Jul 23 07:30:01 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4943-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    July 23, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : lemonldap-ng
    CVE ID : CVE-2021-35472

    Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO
    system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level
    or impersonate another user, especially when lemonldap-ng is configured
    to increase authentication level for users authenticated via a second
    factor.

    For the stable distribution (buster), these problems have been fixed in
    version 2.0.2+ds-7+deb10u6.

    We recommend that you upgrade your lemonldap-ng packages.

    For the detailed security status of lemonldap-ng please refer to its
    security tracker page at: https://security-tracker.debian.org/tracker/lemonldap-ng

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD6Ur1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RETQ/9FvWtqO3n5dFtrmqedUuDUOyOyKGC0mQFYmAcNBS9vwi1tIcO/AjYwvkf gxC2e4P0MCc8Zn4y8j3sfGIsMGDSsm4848/S3t4zlTjjcJdVxSGSgr+S80rztb8d /CcpFxzk4+mAHTF0GUPDLKmXR/Ju6dLE4GS4Wd08KQzONsrqNxC2CN3lY4AcrrQj XsvZT9PS3wAz0sjk3u8fFkRAvCKqk3/eqGNQ1AhkBqdylVVtnGR0Xk8Warhg+pcB qv5U0cP52PnPcY2ff8qRR2NHwBQOnZArPmTeQSfdwVI9C0cVKeUIOGkozT7FvUVU Uz4Ut/5Kfv9SK649JVIl4ibyiGGZKkNm/e4exrCx47GB4l5Aq8ai3U8CvtWOtcuh c0k9D/y5WREJp6mPUYFeG7kz5Wsbdn/pd2Ca6XwPfrg7kpzWmMO8j5IqQKTokdjz wokmyO5erO10V0dm5GD7of5jWysWZ/sfhHiQGlQixvN2zfkPNYmyqXRUh/L4MOQl hhwlxu/B1hnJ6tkv1LXcU/pl3EX6VZNwa9fIS8rekLHzb6qGBExFFkTM9RNz+Vf/ O2jYgmk7j8Rlku8ARmnzH3zy+ecQgqiq95hdy2olzFvqZN1GXQwYLVGrlG0ktSTA z2USa4wcmP8aAtYXu6g3tMG4NfbI5NYTnSTS7livWHiYWPz7u18=
    =EfEo
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)