Oval Definition:oval:org.opensuse.security:def:90200
Revision Date:2019-09-18Version:1
Title:Security update for openldap2 (Moderate)
Description:

This update for openldap2 fixes the following issues:

Security issue fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
Family:unixClass:patch
Status:Reference(s):1073313
1111388
1114845
1143194
1143273
CVE-2017-17740
CVE-2019-13057
CVE-2019-13565
SUSE-SU-2019:2395-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • libldap-2_4-2-2.4.46-9.19.2 is installed
  • OR libldap-2_4-2-32bit-2.4.46-9.19.2 is installed
  • OR openldap2-client-2.4.46-9.19.2 is installed
  • OR openldap2-devel-2.4.46-9.19.2 is installed
  • OR openldap2-devel-static-2.4.46-9.19.2 is installed
  • BACK