Description
Security update for openldap2
This update for openldap2 fixes the following issues:
Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap could get out of step with openldap in some cases, which could cause incorrect installations and symbol resolution failures. openldap2 and libldap are now locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
Package list
Container caasp/v4/cilium-operator:1.6.6
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Container caasp/v4/cilium:1.6.6
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Container caasp/v4/helm-tiller:2.16.12
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Container suse/sle15:15.0
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Container suse/sle15:15.1
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Image SLES15-SP1-CHOST-BYOS-Azure
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Image SLES15-SP1-CHOST-BYOS-EC2
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Image SLES15-SP1-CHOST-BYOS-GCE
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
Image SLES15-SP1-SAPCAL-Azure
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
Image SLES15-SP1-SAPCAL-EC2-HVM
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
Image SLES15-SP1-SAPCAL-GCE
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
SUSE Enterprise Storage 6
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise Server 15 SP1-BCL
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise Server 15 SP1-LTSS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise Server 15-LTSS
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise Server for SAP Applications 15
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
libldap-2_4-2-2.4.46-150000.9.71.1
libldap-2_4-2-32bit-2.4.46-150000.9.71.1
libldap-data-2.4.46-150000.9.71.1
openldap2-2.4.46-150000.9.71.1
openldap2-back-meta-2.4.46-150000.9.71.1
openldap2-back-perl-2.4.46-150000.9.71.1
openldap2-client-2.4.46-150000.9.71.1
openldap2-devel-2.4.46-150000.9.71.1
openldap2-devel-32bit-2.4.46-150000.9.71.1
openldap2-devel-static-2.4.46-150000.9.71.1
openldap2-ppolicy-check-password-1.2-150000.9.71.1
References
- Link for SUSE-SU-2022:1832-1
- E-Mail link for SUSE-SU-2022:1832-1
- SUSE Security Ratings
- SUSE Bug 1191157
- SUSE Bug 1197004
- SUSE Bug 1199240
- SUSE CVE CVE-2022-29155 page
Description
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
Affected products
Container caasp/v4/cilium-operator:1.6.6:libldap-2_4-2-2.4.46-150000.9.71.1
Container caasp/v4/cilium-operator:1.6.6:libldap-data-2.4.46-150000.9.71.1
Container caasp/v4/cilium:1.6.6:libldap-2_4-2-2.4.46-150000.9.71.1
Container caasp/v4/cilium:1.6.6:libldap-data-2.4.46-150000.9.71.1
References
- CVE-2022-29155
- SUSE Bug 1199240
- SUSE Bug 1202818
- SUSE Bug 1204120
- SUSE Bug 1207513
- SUSE Bug 1208312
- SUSE Bug 1210149