[SECURITY] [DLA 4119-1] lemonldap-ng security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4119-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                                 Yadd
April 08, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : lemonldap-ng
Version : 2.0.11+ds-4+deb11u7
CVE ID : CVE-2025-31510

lemonldap-ng is a powerful SSO solution that implements OpenID-Connect,
SAML, CAS, etc. An input validation vulnerability (XSS) has been
identified when using the "Choice" module. It allows HTML code to be
injected into the login page, and if the default Content-Security-Policy
headers have been modified, it may also be possible to inject JavaScript
code.

For Debian 11 bullseye, this problem has been fixed in version
2.0.11+ds-4+deb11u7.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
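
The advisory says script injection becomes possible only when the default Content-Security-Policy headers have been modified. As an added example (not part of the advisory or of LemonLDAP::NG), the Python below checks whether a policy value would let inline JavaScript run. The sample policies are constructed, not the product's shipped defaults, and a single enforced policy is assumed.

```python
# Added example: does a Content-Security-Policy value still block inline
# <script> elements and inline event-handler attributes?

INLINE_KINDS = {
    # Directive lookup order per kind of inline script (CSP3 fallback chain).
    "element": ("script-src-elem", "script-src", "default-src"),
    "attribute": ("script-src-attr", "script-src", "default-src"),
}
OVERRIDES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-", "'strict-dynamic'")

def parse_csp(header):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def kind_allowed(policy, chain):
    """True if inline script of this kind would execute under the policy."""
    sources = next((policy[d] for d in chain if d in policy), None)
    if sources is None:
        return True  # nothing restricts scripts at all
    # Browsers ignore 'unsafe-inline' when a nonce, hash or 'strict-dynamic'
    # source is present in the same directive.
    overridden = any(s.startswith(OVERRIDES) for s in sources)
    return "'unsafe-inline'" in sources and not overridden

def inline_script_allowed(header):
    """True if injected inline JavaScript could run under this policy."""
    policy = parse_csp(header)
    return any(kind_allowed(policy, chain) for chain in INLINE_KINDS.values())

SAMPLES = {  # constructed policy values for illustration
    "strict": "default-src 'self'; script-src 'self'",
    "weakened": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "nonce": "script-src 'nonce-abc123' 'unsafe-inline'",
    "attr-only": "script-src 'self'; script-src-attr 'unsafe-inline'",
    "no-script-rule": "img-src 'self'",
}

def audit(samples):
    return {name: inline_script_allowed(value) for name, value in samples.items()}

if __name__ == "__main__":
    for name, risky in audit(SAMPLES).items():
        print(f"{name:15} inline script {'ALLOWED' if risky else 'blocked'}")
```

Run it against the Content-Security-Policy value your portal's login page actually returns to see whether a local change has removed this layer of protection.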