-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4602-1                [email protected]
https://www.debian.org/lts/security/                          Abhijith PA
May 28, 2026                                  https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lemonldap-ng
Version        : 2.0.11+ds-4+deb11u8
CVE ID         : CVE-2024-52948 CVE-2025-59518 TEMP-0000000-5C6A59 (CVE
                 not yet available)


Multiple vulnerabilities have been discovered in lemonldap-ng, a
Web-SSO system.

CVE-2024-52948

    CSRF on 2FA registration

CVE-2025-59518

    lemonldap-ng does not localize _ during rule evaluation. Thus, an
    administrator who can edit a rule evaluated by the Safe jail can
    execute commands on the server.

TEMP-0000000-5C6A59 (CVE not yet available)

    Session ID exposed in portal AJAX responses.

For Debian 11 bullseye, these problems have been fixed in version
2.0.11+ds-4+deb11u8.

We recommend that you upgrade your lemonldap-ng packages.

For the detailed security status of lemonldap-ng please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lemonldap-ng

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS