
    Security Update - Ex Libris Patron Directory Services (PDS) Security Vulnerability

    Updated: April 3, 2019


    Overview

    PDS is used to integrate Ex Libris products with institutional identity management systems (such as LDAP and Shibboleth). A vulnerability ranked Critical has been discovered in the Ex Libris PDS component. If exploited by an attacker, the vulnerability could compromise the security of PDS.

    Effective Security Severity Level:

    Critical

    Ex Libris implemented a security solution on April 2, 2019.

    Affected Systems:

    PDS products that are installed and used locally at customer facilities, including: Aleph, Voyager, DigiTool, Primo, MetaLib, Rosetta, and Verde.

    Tests and Certifications:

    The fix for this vulnerability has been developed, tested, and certified for all Ex Libris products that use PDS.

    Actions Taken for Hosted Systems:

    Ex Libris has already deployed the fix to all cloud environments, and no action is required by our cloud customers.

    Actions To Be Taken for On-Premise Systems:

    Ex Libris is asking customers to implement the fix as soon as possible, according to the instructions provided below:

    1. Log in to the PDS server as the relevant application user (aleph, primo, metalib, etc.).
    2. Restart Apache. Make sure the Apache restart was successful before moving on to the next step.
    3. Execute the following commands:

    pdsroot; cd program
    wget --connect-timeout=60 ftp://inst:kdcgunr@ftp.exlibrisgroup.com/fix_pds_patch.sh
    bash fix_pds_patch.sh
    restart apache