SUSE-SU-2019:2395-1 -- SLES openldap2, libldap-2_4-2ID: oval:org.secpod.oval:def:89050741 | Date: (C)2023-10-16 (M)2024-01-29 |
Class: PATCH | Family: unix |
This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption . - CVE-2019-13057: Fixed an issue with delegated database admin privileges . - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service via a member MODDN operation. Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh . - Create files in /var/lib/ldap/ during initial start to allow for transactional updates - Fixed incorrect post script call causing tmpfiles creation not to be run .
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Desktop 15 |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Server 15 SP1 |
Product: |
openldap2 |
libldap-2_4-2 |