LAM - security patch for 3.6/3.6.1
|
View:
New views
1 Messages
—
Rating Filter:
Alert me
|
 |
LAM - security patch for 3.6/3.6.1
by Roland Gruber (LAM)
::
Rate this Message:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 Dear all, there were two security vulnerabilities (XSS) found in tree view of LAM (Pro). Both require that you e.g. click on a malicious link while you are logged in to LAM. So the criticality level according to Secunia is "less critical". The attached file contains a patch for this issue. Bug report: https://sourceforge.net/tracker/index.php?func=detail&aid=3496624&group_id=73243&atid=537211 Installation: Please replace the attached files in your LAM (Pro) installation. The base directory for RPM/DEB is /usr/share/ldap-account-manager. This patch is for 3.6/3.6.1. Earlier versions are also affected. In this case you need to upgrade before. LAM (Pro) 3.7 (planned for end of March) will include this patch, too. Workaround: Disable tree view. - -- Best regards Roland Gruber LDAP Account Manager http://www.ldap-account-manager.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9SgLcACgkQq/ywNCsrGZ6lMgCfb+4HxZeCOjXz/sJPyMa8/jSc /zkAn3wqEH9R1/SGuChA7f7r56mMAzDE =6a3E -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ Lam-announce mailing list Lam-announce@... https://lists.sourceforge.net/lists/listinfo/lam-announce |
lam.zip (11K) | Free embeddable forum powered by Nabble | Forum Help |
