Advisories ยป MGASA-2018-0235

Updated spring-ldap packages fix security vulnerability

Publication date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-8028

Description

It was discovered that spring-ldap would under some circumstances allow
authentication with a correct username but an arbitrary password
(CVE-2017-8028).
                

References

SRPMS

6/core