
Fedora 39: FEDORA-2024-d0a6c4ac13 critical: lemonldap-ng access issues

November 19, 2024
lemonldap-ng 2.20.1 for Fedora 39 fixes an XSS issue in the upgradeSession / forceUpgrade pages and a security issue involving Adaptative Authentication Rules triggered by "Refresh my rights".

Summary

LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as described below.

Update Information:

Update to lemonldap-ng 2.20.1:

* [Security] Adaptative Authentication Rules triggered by "Refresh my rights"
* [Security] XSS in upgradeSession / forceUpgrade pages
* downloadSamlMetadata missing from packages in 2.20.0
* CDA request for id is not valid
* "This application is not known" when trying to access a federation application with empty RelayState
* SAML regression in 2.20.0
* Internal error when captcha rule isn't validated

Change Log

* Fri Nov 8 2024 Clement Oudot - 2.20.1-1 - Update to 2.20.1

References

Fedora Update Notification
FEDORA-2024-d0a6c4ac13
2024-11-19 01:28:16.949479

Name        : lemonldap-ng
Product     : Fedora 39
Version     : 2.20.1
Release     : 1.fc39
URL         : https://lemonldap-ng.org
Summary     : Web Single Sign On (SSO) and Access Management
Description :
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a protected area with a few changes in the application. It manages both authentication and authorization and provides headers for accounting. So you can have a full AAA protection for your web space as described below.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-d0a6c4ac13' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: lemonldap-ng
Product: Fedora 39
Version: 2.20.1
Release: 1.fc39
Summary: Web Single Sign On (SSO) and Access Management
