- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-010
http://www.skolelinux.org/security/                      Finn-Arne Johansen
July  9, 2004                 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------

Package             : webmin-ldap-user-simple
Vulnerability       : Admin password leftover
Problem-Type        : remote
Need reboot         : no
Debian-Edu-specific : yes
CVE ID              : 
DSA ID              : 

A vulnerability were discovered in webmin-ldap-user-simple:

A normal user could have read the admin password, if the browser had
been borrowed by the System admin to do some stuff in wlus.

We've preparred new packages for you were the admin password is never
remembered. 

New packages are availible from http://ftp.skolelinux.no/skolelinux/

We recommend that you upgrade your webmin-ldap-user-simple packages
to 1.3-13.

Upgrade Instructions
- --------------------

Make sure 'deb http://ftp.skolelinux.no/skolelinux woody local' is 
present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists.

  apt-get install webmin-ldap-user-simple

- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
              linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'