
Mageia 6, 7 MGASA-2019-0280 Moderate: OpenLDAP Authorization Issue

September 15, 2019
The updated OpenLDAP packages address security vulnerabilities, in particular incorrect rootDN handling that affects database authorization.

Summary

Updated openldap packages fix security vulnerabilities: It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations (CVE-2019-13057).
It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations (CVE-2019-13565).

References

- https://bugs.mageia.org/show_bug.cgi?id=25286

- https://ubuntu.com/security/notices/USN-4078-1

- https://www.cve.org/CVERecord?id=CVE-2019-13057

- https://www.cve.org/CVERecord?id=CVE-2019-13565

Resolution

SRPMS

- 7/core/openldap-2.4.47-3.1.mga7

- 6/core/openldap-2.4.45-2.1.mga6
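
To confirm a host is at or above the fixed builds listed above, the following check can be used. It is an added example, not part of the Mageia advisory; the function names are illustrative, and it compares only the numeric dotted fields of version and release rather than implementing rpm's full comparison rules.

```sh
#!/bin/sh
# Added example: compare an openldap build against the fixed SRPMS in
# MGASA-2019-0280. Function names are illustrative, not from the advisory.

# Print lt, eq or gt for two dotted numeric strings (missing fields count as 0,
# so release "3" sorts before "3.1").
num_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop the field just read; an exhausted string stays empty.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo gt; return; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo lt; return; fi
    done
    echo eq
}

# Print fixed, vulnerable or unknown for a VERSION-RELEASE string such as
# "2.4.47-3.1.mga7"; an rpm %{SOURCERPM} value is accepted as well.
check_openldap() {
    evr=${1#openldap-}; evr=${evr%.src.rpm}
    # Fixed builds from the advisory's SRPMS list, chosen by dist tag.
    case $evr in
        *.mga7) fixed=2.4.47-3.1.mga7 ;;
        *.mga6) fixed=2.4.45-2.1.mga6 ;;
        *) echo unknown; return ;;
    esac
    # Strip the dist tag, then split VERSION-RELEASE.
    iv=${evr%%-*};   ir=${evr#*-};   ir=${ir%.mga*}
    fv=${fixed%%-*}; fr=${fixed#*-}; fr=${fr%.mga*}
    # Refuse anything that is not purely numeric dotted fields.
    case "$iv/$ir" in
        /*|*/|*[!0-9./]*) echo unknown; return ;;
    esac
    r=$(num_cmp "$iv" "$fv")
    if [ "$r" = eq ]; then r=$(num_cmp "$ir" "$fr"); fi
    if [ "$r" = lt ]; then echo vulnerable; else echo fixed; fi
}

# On a host (covers every binary package built from the openldap SRPM):
#   rpm -qa --qf '%{SOURCERPM}\n' | grep '^openldap-' | sort -u |
#     while read -r s; do echo "$s: $(check_openldap "$s")"; done
```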

Severity
important

Publication date: 15 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0280.html
Type: security
CVE: CVE-2019-13057, CVE-2019-13565
