Package : fusiondirectory Version : 1.0.8.2-5+deb8u2 CVE ID : CVE-2019-11187 In FusionDirectory, an LDAP web-frontend written in PHP (originally derived GOsa² 2.6.x), a vulnerability was found that could theoretically lead to unauthorized access to the LDAP database managed with FusionDirectory. LDAP queries' result status ("Success") checks had not been strict enough. The resulting output containing the word "Success" anywhere in the returned data during login connection attempts would have returned "LDAP success" to FusionDirectory and possibly grant unwanted access. For Debian 8 "Jessie", this problem has been fixed in version 1.0.8.2-5+deb8u2. We recommend that you upgrade your fusiondirectory packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
signature.asc
Description: PGP signature