[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2367-1] lemonldap-ng security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- ----------------------------------------------------------------------
Debian LTS Advisory DLA-2367-1             debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Xavier Guimard
September 07, 2020                         https://wiki.debian.org/LTS
- ----------------------------------------------------------------------

Package        : lemonldap-ng
Version        : 1.9.7-3+deb9u4
CVE ID         : CVE-2020-24660

lemonldap-ng community fixed a vulnerability in the Nginx default
configuration files (CVE-2020-24660).
Debian package does not install any default site, but documentation
provided insecure examples in Nginx configuration before this version.
If you use lemonldap-ng handler with Nginx, you should verify your
configuration files.

For Debian 9 stretch, this problem has been fixed in version
1.9.7-3+deb9u4.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl9WWb0ACgkQ9tdMp8mZ
7um/vw//QEc8JHXb+UUfyRg6QZo7HtgHAd3sDPpNeKdr4A4U5GtSh/XukNKvXo4E
BsnSDWeg2fCvoNV7RtX1b1kG276QMSHpbAN8473sjyGoG1IlKO31I8hAmV1Dp/2C
7gDlolfWZqUs74IgVI4Hv+PzG14UfFSbXGJ3tKhIjE1xY7PolcUFWY2nltIAwwbf
ejpHlkTWyPQVszfhk8oCGdEWVZPZQNht4RcV6JV2HINSqWZi6pM6GvAJlahYrGkp
pi0EzCyZoJ/IIYeSWQz96LvDZDWEJPcuzikc+vKnazHzy27aA1oqKC7yYo7m57zm
NjkrUe0WBDYw9NyvdPRFkwa0VANhLa8n1Tp3Xq6gEl7cUkFubS4iS73EFtuu1AeR
plxi388nbU7Hkb8iN1AEA5cs+TyBMFITMDZPw6/60b6zblEJXLK4WyCwuPTtf++Z
kBv8FVzhnE5HwaEdFSiiZMj9cS16hAIar9dbmsijXs9Rwj/hsSj40hwZT5/Ax8Iu
rWxiJPhy/x0e1J0H7kHalLKceqSsqUw5wDLtRXD1YPpnDjixVStq/rMLpWDgdeTW
GWb0/fNfiVb7NHApbwccAxqAW6IIZzLJAvWzAyNS6TbKt+WoTD5dE9XQjikYXx52
JzGi3mq3SGLzGUrZL2EaL/TI3pERiLNn6HZOpprXWcIlM//OwRQ=
=+BzJ
-----END PGP SIGNATURE-----


Reply to: