===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2018.1067
Two vulnerabilities in LDAP Account Manager
10 April 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           ldap-account-manager
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-8763

Reference:         ESB-2018.1000

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2018/04/msg00007.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : ldap-account-manager
Version        : 3.7-2+deb7u1
CVE ID         : CVE-2018-8763

Michal Kedzior found two vulnerabilities in LDAP Account Manager, a web
front-end for LDAP directories.

CVE-2018-8763

    The found Reflected Cross Site Scripting (XSS) vulnerability might
    allow an attacker to execute JavaScript code in the browser of the
    victim or to redirect her to a malicious website if the victim clicks
    on a specially crafted link.

For Debian 7 "Wheezy", these problems have been fixed in version
3.7-2+deb7u1.

We recommend that you upgrade your ldap-account-manager packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================