Debian: DSA-1287-1 Moderate: Ldap-Account-Manager Remote Security Threat
debian
May 7, 2007
Two vulnerabilities have been identified in the version of
ldap-account-manager shipped with Debian 3.1 (sarge)
Topics Covered
Summary
CVE-2007-1840
Improper escaping of HTML content could allow an attacker to execute a
cross-site scripting attack (XSS) and execute arbitrary code in the
victim's browser in the security context of the affected web site.
For the old stable distribution (sarge), this problem has been fixed in
version 0.4.9-2sarge1. Newer versions of Debian (etch, lenny, and sid),
are not affected.
We recommend that you upgrade your ldap-account-manager package.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (oldstable)
- ----------------------Oldstable updates are available for alpha...
PREVIOUS
NEXT
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!