Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Fedora 26: Update for Phpldapadmin Fixing Critical XSS Threat

fedora
Calendar Grey July 24, 2017
Dist Fedora Esm H88
Important patch for Fedora 26 addressing XSS threat in phpldapadmin. Safeguard your system immediately.
Fix CVE-2017-11107 (#1471112)

Summary

PhpLDAPadmin is a web-based LDAP client.

It provides easy, anywhere-accessible, multi-language administration

for your LDAP server. Its hierarchical tree-viewer and advanced search

functionality make it intuitive to browse and administer your LDAP directory.

Since it is a web application, this LDAP browser works on many platforms,

making your LDAP server easily manageable from any location.

PhpLDAPadmin is the perfect LDAP browser for the LDAP professional

and novice alike. Its user base consists mostly of LDAP administration

professionals.

Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server

location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow

access by remote web-clients.

Fix CVE-2017-11107 (#1471112)

[ 1 ] Bug #1471112 - CVE-2017-11107 phpldapadmin: XSS in htdocs/entry_chooser.php via form, element, rdn, or container parameter

https://bugzilla.redhat.com/show_bug.cgi?id=1471112

su -c 'dnf upgrade phpldapadmin' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 1.2.3
Release: 10.fc26
URL: /
Summary: Web-based tool for managing LDAP servers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.