Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Cross-Product

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Cross-Product
    3. Security
    4. Statements
    5. Policy Previous Versions
    6. Security Update - Ex Libris Patron Directory Services (PDS) Security Vulnerability

    Security Update - Ex Libris Patron Directory Services (PDS) Security Vulnerability

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Subject: Ex Libris Patron Directory Services (PDS) Security vulnerability  Updated: July 8, 2016
      1. Overview
      2. Effective Security Severity Level:
      3. Affected Systems:
      4. Tests and Certifications:

    Subject: Ex Libris Patron Directory Services (PDS) Security vulnerability  Updated: July 8, 2016

    Overview

    A Critical ranked vulnerability has been discovered in Ex Libris'PDS component.
    PDS is used to integrate Ex Libris products with the institutional identity management systems (LDAP, Shibboleth, etc.).
    The vulnerability, if exploit by an attacker, may compromise the security level of PDS. 

    Effective Security Severity Level:

    Critical

    Affected Systems:

    Ex Libris’ locally installed products that are using PDS: Aleph, Voyager, DigiTool, Primo, MetaLib, Rosetta, and Verde.

    Tests and Certifications:

    The HF for this vulnerability has been developed, tested and certified for all of Ex Libris products that are using PDS.

    Actions Taken for Hosted Systems:  Ex Libris has already deployed the fix to all of the cloud environments and no action is required by our cloud customers

    Immediate Actions Required for Locally Installed PDS: 

    Ex Libris is asking customers to implement the fix as soon as possible, according to the below instructions:

    1. Log into the PDS server as the relevant application user (aleph/primo/metalib etc...)
    2. Restart apache – Make sure apache restart was successful before moving on to the next step.
    3. Execute the following commands: 
    • pdsroot; cd program
    • wget --connect-timeout=60
    • ftp://produser:Pr6gue@ftp.exlibrisgroup.com/product_patches/PDSupdate
    • tar -zxvf PDSupdate 
    • ./RunMe.sh
    • restart apache  
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Security Update - Primo's "send email" functionality – Updated October 20, 2016
      • Security Advisory– Log4Shell Security vulnerability (CVE-2021-44228) - December 12, 2021
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Content Type
      Documentation
      Language
      English
      Product
      Cross-Product
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved