Advisories ยป MGASA-2015-0181

Updated cherokee packages fix CVE-2014-4668

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-4668

Description

Updated cherokee packages fix security vulnerability:

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee
 1.2.103 and earlier, when LDAP is used, does not properly consider
unauthenticated-bind semantics, which allows remote attackers to bypass
authentication via an empty password (CVE-2014-4668).
                

References

SRPMS

4/core