
SUSE: 2019:2395-1 Moderate: Openldap2 Authentication Bypass Fix

September 18, 2019
SUSE Security Patch resolves multiple vulnerabilities in openldap2, implementing corrections to improve safety and overall system robustness.
An update that solves three vulnerabilities and has two fixes is now available.

Summary

This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation (bsc#1073313).

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388).
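A configuration check for the CVE-2017-17740 precondition listed above (nops and memberof both enabled), as an added example that is not part of the SUSE advisory. It assumes standard slapd.conf directives and cn=config LDIF attributes; the function names, sample configurations and module path are constructed for illustration.

```python
import re

# slapd.conf directives ("moduleload nops.la", "overlay memberof") and
# cn=config LDIF attributes ("olcModuleLoad: {0}nops.la", "olcOverlay: {0}memberof").
DIRECTIVE = re.compile(
    r"^\s*(?:moduleload|overlay|olcModuleLoad|olcOverlay)(?::\s*|\s+)(\S+)",
    re.IGNORECASE)


def component(value):
    """Reduce '{0}/path/to/nops.la' or '"nops.so"' to the bare name 'nops'."""
    value = re.sub(r"^\{\d+\}", "", value.strip('"'))  # drop cn=config ordering prefix
    name = value.rsplit("/", 1)[-1]                    # drop any directory part
    return re.sub(r"\.(la|so)$", "", name).lower()


def scan_config(text):
    """Report whether the config enables both components named in CVE-2017-17740.

    Conservative by design: a component counts as present if it is loaded as a
    module or configured as an overlay, so a loaded-but-unused module is flagged.
    """
    found = set()
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # skip commented-out directives
            continue
        m = DIRECTIVE.match(line)
        if m:
            found.add(component(m.group(1)))
    nops, memberof = "nops" in found, "memberof" in found
    return {"nops": nops, "memberof": memberof, "precondition_met": nops and memberof}


# Constructed sample inputs, not taken from any real system.
SAMPLE_SLAPD_CONF = """\
# moduleload back_mdb.la
moduleload /usr/lib64/openldap/nops.la
database mdb
overlay memberof
overlay nops
"""
SAMPLE_CN_CONFIG = """\
dn: cn=module{0},cn=config
olcModuleLoad: {0}memberof.la
dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
olcOverlay: {0}memberof
"""

if __name__ == "__main__":
    for label, cfg in (("slapd.conf", SAMPLE_SLAPD_CONF), ("cn=config", SAMPLE_CN_CONFIG)):
        print(label, scan_config(cfg))
```

A host where `precondition_met` is true matches the configuration described for CVE-2017-17740; the other two CVEs in this update do not depend on it.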

References

#1073313 #1111388 #1114845 #1143194 #1143273

Cross-References: CVE-2017-17740 CVE-2019-13057 CVE-2019-13565

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Legacy Software 15-SP1

SUSE Linux Enterprise Module for Legacy Software 15

SUSE Linux Enterprise Module for Development Tools 15-SP1

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise Module for Basesystem 15-SP1

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2017-17740.html

https://www.suse.com/security/cve/CVE-2019-13057.html

https://www.suse.com/security/cve/CVE-2019-13565.html

https://bugzilla.suse.com/1073313

Announcement ID: SUSE-SU-2019:2395-1
Rating: moderate
