Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND="ldap" was used (bsc#1172698).
- Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
William Brown (firstyear)
Fixed bugs
bnc#1172698
VUL-0: EMBARGOED: CVE-2020-8023: openldap2: Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND="ldap"
bnc#1172704
AUDIT-FIND: openldap: non-root owned file under /usr/lib