SUSE-SU-2022:3029-1

Опубликовано: 05 сент. 2022

Источник: suse-cvrf

Описание

Security update for 389-ds

This update for 389-ds fixes the following issues:

CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).

Non-security fixes:

Update to version 1.4.4.19~git46.c900a28c8:
- CI - makes replication/acceptance_test.py::test_modify_entry more robust
- UI - LDAP Editor is not updated when we switch instances
Improvements to openldap import with password policy present (bsc#1199908)
Update to version 1.4.4.19~git43.8ba2ea21f:
- fix covscan
- BUG - pid file handling
- Memory leak in slapi_ldap_get_lderrno
- Need a compatibility option about sub suffix handling
- Release tarballs don't contain cockpit webapp
- Replication broken after password change
- Harden ReplicationManager.wait_for_replication
- dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
- CLI - dsconf backend export breaks with multiple backends
- CLI - improve task handling

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP3

389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1

389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1

lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1

libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1

openSUSE Leap 15.3

389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1

389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1

389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1

lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1

libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223029-1/
Link for SUSE-SU-2022:3029-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012079.html
E-Mail link for SUSE-SU-2022:3029-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199908
SUSE Bug 1199908
https://bugzilla.suse.com/1202470
SUSE Bug 1202470
https://www.suse.com/security/cve/CVE-2022-2850/
SUSE CVE CVE-2022-2850 page

Описание

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1

SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-2850.html
CVE-2022-2850
https://bugzilla.suse.com/1202470
SUSE Bug 1202470

SUSE-SU-2022:3029-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-2850

Описание

Затронутые продукты

Ссылки