SUSE-SU-2022:3286-1

Опубликовано: 16 сент. 2022

Источник: suse-cvrf

Описание

Security update for 389-ds

This update for 389-ds fixes the following issues:

CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).

Non-security fixes:

Update to version 2.0.16~git20.219f047ae:
- Fix missing 'not' in description
- CI - makes replication/acceptance_test.py::test_modify_entry more robust
- fix repl keep alive event interval
- Sync_repl may crash while managing invalid cookie
- Hostname when set to localhost causing failures in other tests
- lib389 - do not set backend name to lowercase
- keep alive update event starts too soon
- Fix various memory leaks
- UI - LDAP Editor is not updated when we switch instances
- Supplier should do periodic updates
Update sudoers schema to support UTF-8 (bsc#1197998)
Update to version 2.0.16~git9.e2a858a86:
- UI - Various fixes and RFE's for UI
- Remove problematic language from source code
- CI - disable TLS hostname checking
- Update npm and cargo packages
- Support ECDSA private keys for TLS

Список пакетов

Container suse/389-ds:latest

389-ds-2.0.16~git20.219f047ae-150400.3.10.1

lib389-2.0.16~git20.219f047ae-150400.3.10.1

libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1

SUSE Linux Enterprise Module for Server Applications 15 SP4

389-ds-2.0.16~git20.219f047ae-150400.3.10.1

389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1

lib389-2.0.16~git20.219f047ae-150400.3.10.1

libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1

openSUSE Leap 15.4

389-ds-2.0.16~git20.219f047ae-150400.3.10.1

389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1

389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1

lib389-2.0.16~git20.219f047ae-150400.3.10.1

libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223286-1/
Link for SUSE-SU-2022:3286-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012268.html
E-Mail link for SUSE-SU-2022:3286-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1197998
SUSE Bug 1197998
https://bugzilla.suse.com/1202470
SUSE Bug 1202470
https://www.suse.com/security/cve/CVE-2022-2850/
SUSE CVE CVE-2022-2850 page

Описание

A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Затронутые продукты

Container suse/389-ds:latest:389-ds-2.0.16~git20.219f047ae-150400.3.10.1

Container suse/389-ds:latest:lib389-2.0.16~git20.219f047ae-150400.3.10.1

Container suse/389-ds:latest:libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1

SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git20.219f047ae-150400.3.10.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-2850.html
CVE-2022-2850
https://bugzilla.suse.com/1202470
SUSE Bug 1202470

SUSE-SU-2022:3286-1

Описание

Список пакетов

Container suse/389-ds:latest

SUSE Linux Enterprise Module for Server Applications 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-2850

Описание

Затронутые продукты

Ссылки