Debian Linux Security Advisory 4943-1 - Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a second factor.
09d0700a290d154bf2f6f5a21887040e4a7e0ff61710ae283859aaea342ab1fd-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4943-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : lemonldap-ng
CVE ID : CVE-2021-35472
Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO
system. The flaws could result in information disclosure, authentication
bypass, or could allow an attacker to increase its authentication level
or impersonate another user, especially when lemonldap-ng is configured
to increase authentication level for users authenticated via a second
factor.
For the stable distribution (buster), these problems have been fixed in
version 2.0.2+ds-7+deb10u6.
We recommend that you upgrade your lemonldap-ng packages.
For the detailed security status of lemonldap-ng please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmD6Ur1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RETQ/9FvWtqO3n5dFtrmqedUuDUOyOyKGC0mQFYmAcNBS9vwi1tIcO/AjYwvkf
gxC2e4P0MCc8Zn4y8j3sfGIsMGDSsm4848/S3t4zlTjjcJdVxSGSgr+S80rztb8d
/CcpFxzk4+mAHTF0GUPDLKmXR/Ju6dLE4GS4Wd08KQzONsrqNxC2CN3lY4AcrrQj
XsvZT9PS3wAz0sjk3u8fFkRAvCKqk3/eqGNQ1AhkBqdylVVtnGR0Xk8Warhg+pcB
qv5U0cP52PnPcY2ff8qRR2NHwBQOnZArPmTeQSfdwVI9C0cVKeUIOGkozT7FvUVU
Uz4Ut/5Kfv9SK649JVIl4ibyiGGZKkNm/e4exrCx47GB4l5Aq8ai3U8CvtWOtcuh
c0k9D/y5WREJp6mPUYFeG7kz5Wsbdn/pd2Ca6XwPfrg7kpzWmMO8j5IqQKTokdjz
wokmyO5erO10V0dm5GD7of5jWysWZ/sfhHiQGlQixvN2zfkPNYmyqXRUh/L4MOQl
hhwlxu/B1hnJ6tkv1LXcU/pl3EX6VZNwa9fIS8rekLHzb6qGBExFFkTM9RNz+Vf/
O2jYgmk7j8Rlku8ARmnzH3zy+ecQgqiq95hdy2olzFvqZN1GXQwYLVGrlG0ktSTA
z2USa4wcmP8aAtYXu6g3tMG4NfbI5NYTnSTS7livWHiYWPz7u18=
=EfEo
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed