- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-008
http://www.skolelinux.org/security/                      Finn-Arne Johansen
June 30, 2004                 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : webmin-ldap-user-simple (wlus)
Vulnerability       : ACL bypass/failure to drop priviliges
Problem-Type        : remote
Need reboot         : no
Debian-Edu-specific : yes
CVE ID              : 
DSA ID              : 

Klaus Ade Johnstad discovered that it was possible for a normal
user to modify the module configuration for wlus. It's not a big
security hole, but it might cause some trouble if the config is
changed. It can not be used to change the settings for existing
users but only the behaviour when creating new user accounts .

New packages are availible from http://ftp.skolelinux.no/skolelinux/

We recommend that you upgrade your wlus package.


Upgrade Instructions
- --------------------

Make sure 'deb http://ftp.skolelinux.no/skolelinux woody local
present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists.

  apt-get install webmin-ldap-user-simple

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'