Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275).
- CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise Server 15-LTSS
389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise Server for SAP Applications 15
389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
Ссылки
- Link for SUSE-SU-2022:1139-1
- E-Mail link for SUSE-SU-2022:1139-1
- SUSE Security Ratings
- SUSE Bug 1197275
- SUSE Bug 1197345
- SUSE CVE CVE-2022-0918 page
- SUSE CVE CVE-2022-0996 page
Описание
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
Ссылки
- CVE-2022-0918
- SUSE Bug 1197275
Описание
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1
Ссылки
- CVE-2022-0996
- SUSE Bug 1197345