Subject: Ex Libris Patron Directory Services (PDS) Security vulnerability
Updated: April 3, 2019
PDS is used to integrate Ex Libris products with institutional identity management systems (such as LDAP and Shibboleth). A Critical-ranked vulnerability has been discovered in the Ex Libris PDS component. The vulnerability, if exploited by an attacker, could compromise the security of PDS.
Effective Security Severity Level:
Ex Libris implemented a security solution on April 2, 2019.
PDS products that are installed and used locally at customer facilities, including: Aleph, Voyager, DigiTool, Primo, MetaLib, Rosetta, and Verde.
Tests and Certifications:
The fix for this vulnerability has been developed, tested, and certified for all Ex Libris products that use PDS.
Actions Taken for Hosted Systems:
Ex Libris has already deployed the fix to all cloud environments and no action is required by our cloud customers.
Actions To Be Taken for On-Premise Systems:
Ex Libris is asking customers to implement the fix as soon as possible, according to the instructions provided below:
- Log in to the PDS server as the relevant application user (aleph, primo, metalib, etc.).
- Restart Apache. Make sure the Apache restart was successful before moving on to the next step.
- Execute the following commands:
pdsroot; cd program
wget --connect-timeout=60 ftp://inst:firstname.lastname@example.org/fix_pds_patch.sh