Overview Repositories Revisions Requests Users Attributes Meta
Security update for openldap2

This update for openldap2 fixes the following issues:

Security issue fixed:

- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the member of overlay
are enabled, attempts to free a buffer that was allocated on the stack,
which allows remote attackers to cause a denial of service (slapd crash)
via a member MODDN operation. (bsc#1073313)

Non-security issues fixed:

- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).

This update was imported from the SUSE:SLE-15:Update update project.

Fixed bugs
bnc#1143194
VUL-0: CVE-2019-13565: openldap2: successful authorization step completed by one user affects the authorization requirement for a different user
bnc#1143273
VUL-0: CVE-2019-13057: openldap2: slapd does not properly stop a rootDN from requesting authorization as an identity from another database
bnc#1111388
openldap and /var/lib/ldap/DB_CONFIG* (transactional-update)
bnc#1114845
broken shebang line in openldap_update_modules_path.sh
bnc#1073313
VUL-0: CVE-2017-17740: openldap2: contrib/slapd-modules/nops/nops.c, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack
CVE-2017-17740
CVE-2019-13565
CVE-2019-13057
fate#325524
Selected Binaries
openSUSE Build Service is sponsored by
Places