Ubuntu 5424-1: OpenLDAP vulnerability | LinuxSecurity.com
==========================================================================
Ubuntu Security Notice USN-5424-1
May 17, 2022

openldap vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

OpenLDAP could be made to perform arbitrary modifications to the database.

Software Description:
- openldap: Lightweight Directory Access Protocol

Details:

It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  slapd                           2.5.11+dfsg-1~exp1ubuntu3.1

Ubuntu 21.10:
  slapd                           2.5.6+dfsg-1~exp1ubuntu1.1

Ubuntu 20.04 LTS:
  slapd                           2.4.49+dfsg-2ubuntu1.9

Ubuntu 18.04 LTS:
  slapd                           2.4.45+dfsg-1ubuntu1.11

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5424-1
  CVE-2022-29155

Package Information:
  https://launchpad.net/ubuntu/+source/openldap/2.5.11+dfsg-1~exp1ubuntu3.1
  https://launchpad.net/ubuntu/+source/openldap/2.5.6+dfsg-1~exp1ubuntu1.1
  https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.9
  https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.11

Ubuntu 5424-1: OpenLDAP vulnerability

May 17, 2022

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: OpenLDAP could be made to perform arbitrary modifications to the database. Software Description: - openldap: Lightweight Directory Access Protocol Details: It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: slapd 2.5.11+dfsg-1~exp1ubuntu3.1 Ubuntu 21.10: slapd 2.5.6+dfsg-1~exp1ubuntu1.1 Ubuntu 20.04 LTS: slapd 2.4.49+dfsg-2ubuntu1.9 Ubuntu 18.04 LTS: slapd 2.4.45+dfsg-1ubuntu1.11 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5424-1

CVE-2022-29155

Severity
Ubuntu Security Notice USN-5424-1

Package Information

https://launchpad.net/ubuntu/+source/openldap/2.5.11+dfsg-1~exp1ubuntu3.1 https://launchpad.net/ubuntu/+source/openldap/2.5.6+dfsg-1~exp1ubuntu1.1 https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.9 https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.11

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.