Advisories » MGASA-2015-0181

Updated cherokee packages fix CVE-2014-4668

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-4668

Description

Updated cherokee packages fix security vulnerability:

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee
 1.2.103 and earlier, when LDAP is used, does not properly consider
unauthenticated-bind semantics, which allows remote attackers to bypass
authentication via an empty password (CVE-2014-4668).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15755
• https://lists.fedoraproject.org/pipermail/package-announce/2015-April/155776.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4668

SRPMS

4/core

• cherokee-1.2.103-2.2.mga4