openSUSE-SU-2021:0418-1

Опубликовано: 16 мар. 2021

Источник: suse-cvrf

Описание

Security update for 389-ds

This update for 389-ds fixes the following issues:

389-ds was updated to version 1.4.3.19
- CVE-2020-35518: Fixed an information disclosure during the binding of a DN (bsc#1181159).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

389-ds-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

389-ds-devel-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

389-ds-snmp-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

lib389-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

libsvrcore0-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJZAIJRIBNKFP5CET6TYMJ3FGMU6WYAM/
E-Mail link for openSUSE-SU-2021:0418-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181159
SUSE Bug 1181159
https://www.suse.com/security/cve/CVE-2020-35518/
SUSE CVE CVE-2020-35518 page

Описание

When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Затронутые продукты

openSUSE Leap 15.2:389-ds-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

openSUSE Leap 15.2:389-ds-devel-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

openSUSE Leap 15.2:389-ds-snmp-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

openSUSE Leap 15.2:lib389-1.4.3.19~git0.bef0b5bed-lp152.2.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-35518.html
CVE-2020-35518
https://bugzilla.suse.com/1181159
SUSE Bug 1181159

openSUSE-SU-2021:0418-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-35518

Описание

Затронутые продукты

Ссылки