
SUSE 15.4: 2022:2507-1 Important: 389-ds Security Issue

October 11, 2022
The ubuntu/postgresql container has undergone a significant security enhancement tackling various weaknesses.
The container suse/389-ds was updated

Summary

Advisory ID: SUSE-RU-2022:3296-1
Released: Sat Sep 17 10:30:01 2022
Summary: Recommended update for nss_synth
Type: recommended
Severity: moderate

Advisory ID: SUSE-SU-2022:3489-1
Released: Sat Oct 1 13:35:24 2022
Summary: Security update for expat
Type: security
Severity: important

Advisory ID: SUSE-SU-2022:3544-1
Released: Thu Oct 6 13:48:42 2022
Summary: Security update for python3
Type: security

References

References : 1202624 1203438 CVE-2021-28861 CVE-2022-40674

This update for nss_synth fixes the following issues:

- Support running 389-ds with bare uid/gid (non-root) in containers. (jsc#SLE-22585)

References: 1203438, CVE-2022-40674

This update for expat fixes the following issues:

- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

References: 1202624, CVE-2021-28861

This update for python3 fixes the following issues:

- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when a URI path starts with // (bsc#1202624).

The following package changes have been done:

- libexpat1-2.4.4-150400.3.9.1 updated

- nss_synth-0.1.0~git0.7c23049-150400.9.5.1 added

- python3-base-3.6.15-150300.10.30.1 updated

Severity
important

Container Advisory ID : SUSE-CU-2022:2507-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-17.4 , suse/389-ds:latest
Container Release : 17.4
Severity : important
Type : security
