Fedora 24 Moderate: FEDORA-2017-1a8bebaab4 Phpldapadmin XSS Issue

PhpLDAPadmin is a web-based LDAP client.

It provides easy, anywhere-accessible, multi-language administration

for your LDAP server. Its hierarchical tree-viewer and advanced search

functionality make it intuitive to browse and administer your LDAP directory.

Since it is a web application, this LDAP browser works on many platforms,

making your LDAP server easily manageable from any location.

PhpLDAPadmin is the perfect LDAP browser for the LDAP professional

and novice alike. Its user base consists mostly of LDAP administration

professionals.

Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server

location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow

access by remote web-clients.

Fix CVE-2017-11107 (#1471112)

[ 1 ] Bug #1471112 - CVE-2017-11107 phpldapadmin: XSS in htdocs/entry_chooser.php via form, element, rdn, or container parameter

https://bugzilla.redhat.com/show_bug.cgi?id=1471112

su -c 'dnf upgrade phpldapadmin' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org