Fedora 32 - FEDORA-2020-c6fa47ecd7 Moderate: XSS Risk in phpldapadmin

PhpLDAPadmin is a web-based LDAP client.

It provides easy, anywhere-accessible, multi-language administration

for your LDAP server. Its hierarchical tree-viewer and advanced search

functionality make it intuitive to browse and administer your LDAP directory.

Since it is a web application, this LDAP browser works on many platforms,

making your LDAP server easily manageable from any location.

PhpLDAPadmin is the perfect LDAP browser for the LDAP professional

and novice alike. Its user base consists mostly of LDAP administration

professionals.

Edit /etc/phpldapadmin/config.php to change default (localhost) LDAP server

location and other things. Edit /etc/httpd/conf.d/phpldapadmin.conf to allow

access by remote web-clients.

Update to 1.2.6.2 (#1906752)

* Fri Dec 11 2020 Dmitry Butskoy - 1.2.6.2-1

- Update to 1.2.6.2 (#1906752)

* Tue Jul 28 2020 Fedora Release Engineering - 1.2.3-18

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[ 1 ] Bug #1906752 - CVE-2020-35132 phpldapadmin: allows users to store malicious values which could result in XSS via get_request in lib/function.php

https://bugzilla.redhat.com/show_bug.cgi?id=1906752

su -c 'dnf upgrade --advisory FEDORA-2020-c6fa47ecd7' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/