| Revision Date: | 2020-12-01 | Version: | 1 |
| Title: | Security update for openldap2 (Moderate) |
| Description: |
This update for openldap2 fixes the following issues:
Security issue fixed:
- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)
Non-security issues fixed:
- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1073313
1096726
1111388
1114845
1143194
1143273
CVE-2017-17740
CVE-2018-15664
CVE-2019-13057
CVE-2019-13565
SUSE-SU-2019:1562-1
SUSE-SU-2019:2395-1
|
| Platform(s): | SUSE Linux Enterprise Module for Development Tools 15 SP1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed AND Package Information
openldap2-2.4.46-9.19 is installed
OR openldap2-devel-32bit-2.4.46-9.19 is installed
|
| Definition Synopsis |
| SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
AND Package Information
docker-18.09.6_ce-6.20 is installed
OR docker-test-18.09.6_ce-6.20 is installed
OR docker-zsh-completion-18.09.6_ce-6.20 is installed
|