    Security Advisory- Ex Libris Patron Directory Services (PDS) Security vulnerability Updated: April 3, 2019


     Subject: Ex Libris Patron Directory Services (PDS) Security vulnerability Updated: April 3, 2019

    Overview

    PDS is used to integrate Ex Libris products with institutional identity management systems (such as LDAP and Shibboleth). A Critical-ranked vulnerability has been discovered in the Ex Libris PDS component. The vulnerability, if exploited by an attacker, could compromise the security of PDS.

    Effective Security Severity Level:

    Critical

    Ex Libris implemented a security solution on April 2, 2019.

    Affected Systems:

    PDS products that are installed and used locally at customer facilities, including: Aleph, Voyager, DigiTool, Primo, MetaLib, Rosetta, and Verde.

    Tests and Certifications:

    The fix for this vulnerability has been developed, tested and certified for all Ex Libris products that use PDS.

    Actions Taken for Hosted Systems:

    Ex Libris has already deployed the fix to all cloud environments and no action is required by our cloud customers.

    Actions To Be Taken for On-Premise Systems

    Ex Libris is asking customers to implement the fix as soon as possible, according to the instructions provided below:

    1. Log in to the PDS server as the relevant application user (aleph, primo, metalib, etc.).
    2. Restart Apache. Make sure the restart was successful before moving on to the next step.
    3. Execute the following commands:

    pdsroot; cd program
    wget --connect-timeout=60 ftp://inst:kdcgunr@ftp.exlibrisgroup.com/fix_pds_patch.sh
    bash fix_pds_patch.sh
    restart apache 
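
One way to gate step 3 on an integrity check, since the command sequence above fetches the script over FTP and then executes it. This is an added example, not Ex Libris code: the function names are hypothetical, and the expected SHA-256 is an assumption that would have to be obtained from Ex Libris support out of band, because the advisory publishes no digest.

```shell
# Added example, not Ex Libris code. Function names are hypothetical.
# Assumption: the expected SHA-256 comes from Ex Libris support out of band;
# the advisory itself publishes no digest.

# verify_patch FILE EXPECTED_SHA256
# Succeeds only if FILE is non-empty, matches the digest, and parses as bash.
verify_patch() {
    vp_file=$1
    vp_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    if [ ! -f "$vp_file" ] || [ ! -s "$vp_file" ]; then
        echo "verify_patch: $vp_file missing or empty (failed download?)" >&2
        return 1
    fi
    case $vp_expected in
        ''|*[!0-9a-f]*) echo "verify_patch: expected digest is not hex" >&2
                        return 1 ;;
    esac
    if [ "${#vp_expected}" -ne 64 ]; then
        echo "verify_patch: expected digest must be 64 hex characters" >&2
        return 1
    fi
    vp_actual=$(sha256sum "$vp_file" | awk '{print $1}')
    if [ "$vp_actual" != "$vp_expected" ]; then
        echo "verify_patch: digest mismatch ($vp_actual)" >&2
        return 1
    fi
    # bash -n parses without executing; a file that does not parse is never run.
    if ! bash -n "$vp_file" 2>/dev/null; then
        echo "verify_patch: $vp_file does not parse as a shell script" >&2
        return 1
    fi
}

# run_patch_if_verified FILE EXPECTED_SHA256
# Stands in for the bare "bash fix_pds_patch.sh" in step 3.
run_patch_if_verified() {
    verify_patch "$1" "$2" || return 1
    bash "$1"
}

# Usage after the wget in step 3 (digest shown is a placeholder):
#   run_patch_if_verified fix_pds_patch.sh "<SHA-256 from Ex Libris support>"
```

A non-zero return means the script was not executed; keep the downloaded file for comparison when raising the mismatch with the vendor.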

     

    Record of Changes

    Type of information    Document Data
    Document Title:        Security Advisory- Ex Libris Patron Directory Services (PDS) Security Vulnerability
    Document Owner:        Tomer Shemesh - Ex Libris Chief Information Security Officer (CISO)
    Approved by:           Barak Rozenblat – VP Cloud Services
    Issued:                July 08, 2016
    Reviewed & Revised:    Apr 03, 2019

     

    Revision Control

    Version Number    Nature of Change    Date Approved
    1.0               Initial version     July 08, 2016
    1.1               Update              Apr 03, 2019

    Document Distribution and Review

    The document owner will distribute this document to all approvers when it is first created and as changes or updates are made. This document will be reviewed and updated annually or upon written request by an approver or stakeholder. Questions or feedback about this document can be directed to the owner or a listed approver.
