Debian Security Advisory 4446-1

Debian Security Advisory 4446-1: Posted May 15, 2019; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4446-1 - It was discovered that the Lemonldap::NG web SSO system performed insufficient validation of session tokens if the "tokenUseGlobalStorage" option is enabled, which could grant users with access to the main session database access to an anonymous session.; tags | advisory, web; systems | linux, debian; advisories | CVE-2019-12046; SHA-256 | f9e4831d4e6bfe5319ca46b593f9ccfa8c06f227653e0e99572eea2f6cd66998; Download | Favorite | View

Debian Security Advisory 4446-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4446-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 14, 2019                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : lemonldap-ng
CVE ID         : CVE-2019-12046

It was discovered that the Lemonldap::NG web SSO system performed
insuffient validation of session tokens if the "tokenUseGlobalStorage"
option is enabled, which could grant users with access to the main
session database access to an anonymous session.

For the stable distribution (stretch), this problem has been fixed in
version 1.9.7-3+deb9u1.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzbL3AACgkQEMKTtsN8
TjZnyg/+OgtJMGgRLtuAlYm5vWJmmxwqw+Yqyvl9FHBI535Yfr5/F6b7cvXfn4A2
L0bSKYceLUmXT0D+8EIp6DxhhOiEEs5ME4PhboX4MJT79ln8CqCxngLmgTX4bh2T
kc5uEEkJoHwNf15vi1HIRPiRtv8f0gTFGZa9yAhR6XqrdqMLGtTYwR338r1wPr65
0gcGFNgUCL/JoI+QZSE5QyN/pseAiO32YbP4WkoIOukWlYanYQht4R2hQePU9b+p
tghcXyBEQ3Z2Z1F+SirkuIDuYOhPD3Uws+8cLVhX/CnVdjqDMc83kwSqBt6t1EEb
SGToAYXuIReR7MVZ6aBaEgkdFEouyvBh8JtlLAnm7CC0VLkG50cTOCHQjczezT/F
7YcdQ1EksXoa9IWb35PrmiLPw7iKnrTaIFfFH1+hJPjHst5QJ6pzwM4kDfY77Tpd
+RjgPDRo+1sYBHSqG26dWhkuqNXNjr3AMl3G+IZXdBy7LIiRvsV5fN6SZaGCNOhd
mtiJPtUxBigpNKtzkg0R72Jp9bOaYE8jqHdQfnOdtYiy2Kn+F7kwgm+dEfvMqHU8
rhBREAIf66DoXZGPZR7WH+8rLLyQgpq4qsEq2fTQZygpCUDBE4EXhEU4l+3jvFuH
9q00FcRAlT/u9rRqmTv0Z825zRztrdUasq/xrAQeOwJk0QFhJfU=
=SGxM
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Debian Security Advisory 4446-1

Debian Security Advisory 4446-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 4446-1

Share This

Debian Security Advisory 4446-1

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems