File _patchinfo of Package patchinfo.9510
<patchinfo incident="9510">
<issue tracker="bnc" id="1143194">VUL-0: CVE-2019-13565: openldap2: successful authorization step completed by one user affects the authorization requirement for a different user</issue>
<issue tracker="bnc" id="1143273">VUL-0: CVE-2019-13057: openldap2: slapd does not properly stop a rootDN from requesting authorization as an identity from another database</issue>
<issue tracker="bnc" id="1111388">openldap and /var/lib/ldap/DB_CONFIG* (transactional-update)</issue>
<issue tracker="bnc" id="1114845">broken shebang line in openldap_update_modules_path.sh</issue>
<issue tracker="bnc" id="1073313">VUL-0: CVE-2017-17740: openldap2: contrib/slapd-modules/nops/nops.c, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack</issue>
<issue tracker="cve" id="2017-17740"/>
<issue tracker="cve" id="2019-13565"/>
<issue tracker="cve" id="2019-13057"/>
<issue tracker="fate" id="325524"/>
<category>security</category>
<rating>moderate</rating>
<packager>ckowalczyk</packager>
<description>This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).
- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).
- CVE-2017-17740: When both the nops module and the memberof overlay are enabled, contrib/slapd-modules/nops/nops.c attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation (bsc#1073313).
Non-security issues fixed:
- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).
- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388).
- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).
</description>
<summary>Security update for openldap2</summary>
</patchinfo>