SUSE-SU-2022:1100-1

Опубликовано: 04 апр. 2022

Источник: suse-cvrf

Описание

Security update for 389-ds

This update for 389-ds fixes the following issues:

CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068)
Resolved multiple index migration bug (bsc#1194084)

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP3

389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1

389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1

lib389-1.4.4.19~git28.b12c72226-150300.3.12.1

libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221100-1/
Link for SUSE-SU-2022:1100-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010649.html
E-Mail link for SUSE-SU-2022:1100-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194068
SUSE Bug 1194068
https://bugzilla.suse.com/1194084
SUSE Bug 1194084
https://bugzilla.suse.com/1197275
SUSE Bug 1197275
https://bugzilla.suse.com/1197345
SUSE Bug 1197345
https://www.suse.com/security/cve/CVE-2022-0918/
SUSE CVE CVE-2022-0918 page
https://www.suse.com/security/cve/CVE-2022-0996/
SUSE CVE CVE-2022-0996 page

Описание

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0918.html
CVE-2022-0918
https://bugzilla.suse.com/1197275
SUSE Bug 1197275

Описание

A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0996.html
CVE-2022-0996
https://bugzilla.suse.com/1197345
SUSE Bug 1197345

SUSE-SU-2022:1100-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP3

Ссылки

Уязвимость: CVE-2022-0918

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-0996

Описание

Затронутые продукты

Ссылки