|
|
Subscribe / Log in / New account

Mageia alert MGASA-2019-0280 (openldap)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2019-0280: Updated openldap packages fix security vulnerabilities 


Date:
              Sun, 15 Sep 2019 16:46:28 +0200


Message-ID:
              <20190915144628.EFAD19F94F@duvel.mageia.org>


MGASA-2019-0280 - Updated openldap packages fix security vulnerabilities

Publication date: 15 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0280.html
Type: security
Affected Mageia releases: 6, 7
CVE: CVE-2019-13057,
     CVE-2019-13565

Description:
Updated openldap packages fix security vulnerabilities:
It was discovered that OpenLDAP incorrectly handled rootDN delegation.
A database administrator could use this issue to request authorization
as an identity from another database, contrary to expectations
(CVE-2019-13057).

It was discovered that OpenLDAP incorrectly handled SASL authentication
and session encryption. After a first SASL bind was completed, it was
possible to obtain access by performing simple binds, contrary to
expectations (CVE-2019-13565).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25286
- https://usn.ubuntu.com/4078-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1...

SRPMS:
- 7/core/openldap-2.4.47-3.1.mga7
- 6/core/openldap-2.4.45-2.1.mga6
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds