Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
- CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
Список пакетов
SUSE Enterprise Storage 7
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise Real Time 15 SP2
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise Server 15 SP2-BCL
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise Server 15 SP2-LTSS
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Manager Proxy 4.1
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Manager Retail Branch Server 4.1
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Manager Server 4.1
389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
Ссылки
- Link for SUSE-SU-2022:1102-1
- E-Mail link for SUSE-SU-2022:1102-1
- SUSE Security Ratings
- SUSE Bug 1197275
- SUSE Bug 1197345
- SUSE CVE CVE-2022-0918 page
- SUSE CVE CVE-2022-0996 page
Описание
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Затронутые продукты
SUSE Enterprise Storage 7:389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
Ссылки
- CVE-2022-0918
- SUSE Bug 1197275
Описание
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Затронутые продукты
SUSE Enterprise Storage 7:389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
SUSE Enterprise Storage 7:libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1
Ссылки
- CVE-2022-0996
- SUSE Bug 1197345