UbuntuUpdates.org

Package "ledgersmb"

Name: ledgersmb

Description:

financial accounting and ERP program

Latest version: 1.6.33+ds-2.2ubuntu0.25.04.1
Release: plucky (25.04)
Level: security
Repository: universe
Homepage: http://www.ledgersmb.org/

Other versions of "ledgersmb" in Plucky

Repository  Area      Version
base        universe  1.6.33+ds-2.2
updates     universe  1.6.33+ds-2.2ubuntu0.25.04.1

Changelog

Version: 1.6.33+ds-2.2ubuntu0.25.04.1 2025-07-17 18:07:18 UTC

  ledgersmb (1.6.33+ds-2.2ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: No origin check for HTML fragments
    - debian/patches/CVE-2021-3693.patch: Fix regression of errors not
      creating pop-ups
    - CVE-2021-3693
  * SECURITY UPDATE: Missing secure attribute over HTTPS
    - debian/patches/CVE-2021-3882.patch: Use HTTPS environment setting
      to detect https connections
    - CVE-2021-3882
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2024-23831.patch: Fix missing CSRF mitigation
    - CVE-2024-23831

 -- John Breton <email address hidden> Tue, 15 Jul 2025 13:24:29 -0400

CVE-2021-3693 LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi
CVE-2021-3882 LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev
CVE-2024-23831 LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker