This update for openldap2 fixes the following issues:
Security issue fixed:
- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the member of overlay
are enabled, attempts to free a buffer that was allocated on the stack,
which allows remote attackers to cause a denial of service (slapd crash)
via a member MODDN operation. (bsc#1073313)
Non-security issues fixed:
- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
This update was imported from the SUSE:SLE-15:Update update project.
- Submitted by Chris Kowalczyk (ckowalczyk)