Overview

File _patchinfo of Package patchinfo.24597

<patchinfo incident="24597">
  <issue tracker="bnc" id="1195324">VUL-0: CVE-2021-4091: 389-ds: double-free of the virtual attribute context in persistent search</issue>
  <issue tracker="bnc" id="1188455">VUL-0: CVE-2021-3652: 389-ds: CRYPT password hash with asterisk allows any bind attempt to succeed</issue>
  <issue tracker="bnc" id="1199889">VUL-0: CVE-2022-1949: 389-ds: access control bypass</issue>
  <issue tracker="cve" id="2021-4091"/>
  <issue tracker="cve" id="2021-3652"/>
  <issue tracker="cve" id="2022-1949"/>
  <packager>firstyear</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for 389-ds</summary>
  <description>This update for 389-ds fixes the following issues:
	  
- CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords (bsc#1188455).  
- CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889).
- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places