===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.3283
ldap-account-manager security update
6 July 2022

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ldap-account-manager
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-31088 CVE-2022-31087 CVE-2022-31086
                   CVE-2022-31085 CVE-2022-31084 CVE-2022-24851

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2022/msg00145.html

Comment: CVSS (Max):  4.8* CVE-2022-24851 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
         * Not all CVSS available when published

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5177-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
July 05, 2022                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ldap-account-manager
CVE ID         : CVE-2022-24851 CVE-2022-31084 CVE-2022-31085 CVE-2022-31086
                 CVE-2022-31087 CVE-2022-31088

Arseniy Sharoglazov discovered multiple security issues in LDAP Account
Manager (LAM), a web frontend for managing accounts in an LDAP directory,
which could result in information disclosure or unauthenticated remote
code execution.

For the stable distribution (bullseye), these problems have been fixed in
version 8.0.1-0+deb11u1.

We recommend that you upgrade your ldap-account-manager packages.

For the detailed security status of ldap-account-manager please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/ldap-account-manager

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================