Advisories » MGASA-2018-0235

Updated spring-ldap packages fix security vulnerability

Publication date: 16 May 2018
Modification date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-8028

Description

It was discovered that spring-ldap would under some circumstances allow
authentication with a correct username but an arbitrary password
(CVE-2017-8028).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22085
• https://www.debian.org/security/2017/dsa-4046
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8028

SRPMS

6/core

• spring-ldap-1.3.1-14.1.mga6