[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4943-1] lemonldap-ng security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4943-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 23, 2021                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lemonldap-ng
CVE ID         : CVE-2021-35472

Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO
system. The flaws could result in information disclosure, authentication
bypass, or could allow an attacker to increase its authentication level
or impersonate another user, especially when lemonldap-ng is configured
to increase authentication level for users authenticated via a second
factor.

For the stable distribution (buster), these problems have been fixed in
version 2.0.2+ds-7+deb10u6.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD6Ur1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RETQ/9FvWtqO3n5dFtrmqedUuDUOyOyKGC0mQFYmAcNBS9vwi1tIcO/AjYwvkf
gxC2e4P0MCc8Zn4y8j3sfGIsMGDSsm4848/S3t4zlTjjcJdVxSGSgr+S80rztb8d
/CcpFxzk4+mAHTF0GUPDLKmXR/Ju6dLE4GS4Wd08KQzONsrqNxC2CN3lY4AcrrQj
XsvZT9PS3wAz0sjk3u8fFkRAvCKqk3/eqGNQ1AhkBqdylVVtnGR0Xk8Warhg+pcB
qv5U0cP52PnPcY2ff8qRR2NHwBQOnZArPmTeQSfdwVI9C0cVKeUIOGkozT7FvUVU
Uz4Ut/5Kfv9SK649JVIl4ibyiGGZKkNm/e4exrCx47GB4l5Aq8ai3U8CvtWOtcuh
c0k9D/y5WREJp6mPUYFeG7kz5Wsbdn/pd2Ca6XwPfrg7kpzWmMO8j5IqQKTokdjz
wokmyO5erO10V0dm5GD7of5jWysWZ/sfhHiQGlQixvN2zfkPNYmyqXRUh/L4MOQl
hhwlxu/B1hnJ6tkv1LXcU/pl3EX6VZNwa9fIS8rekLHzb6qGBExFFkTM9RNz+Vf/
O2jYgmk7j8Rlku8ARmnzH3zy+ecQgqiq95hdy2olzFvqZN1GXQwYLVGrlG0ktSTA
z2USa4wcmP8aAtYXu6g3tMG4NfbI5NYTnSTS7livWHiYWPz7u18=
=EfEo
-----END PGP SIGNATURE-----
Reply to: