SUSE: 2022:1162-1 Important: OpenLDAP2 SQL Injection Threat Fix
suse
May 25, 2022
The container suse/sle15 was updated
Summary
Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important
Topics Covered
References
References : 1191157 1197004 1199240 CVE-2022-29155
1191157,1197004,1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
The following package changes have been done:
- libldap-2_4-2-2.4.46-150000.9.71.1 updated
- libldap-data-2.4.46-150000.9.71.1 updated
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2022:1162-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.622
Container Release : 6.2.622
Severity : important
Type : security
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!