An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1654
Final
1.0
1.0
2022-05-18
Initial
2022-05-18
2022-05-18
openEuler SA Tool V1.0
2022-05-18
openldap security update
An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Security Fix(es):
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.(CVE-2022-29155)
An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Critical
openldap
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1654
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29155
https://nvd.nist.gov/vuln/detail/CVE-2022-29155
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openldap-2.4.50-7.oe1.aarch64.rpm
openldap-debuginfo-2.4.50-7.oe1.aarch64.rpm
openldap-debugsource-2.4.50-7.oe1.aarch64.rpm
openldap-devel-2.4.50-7.oe1.aarch64.rpm
openldap-clients-2.4.50-7.oe1.aarch64.rpm
openldap-servers-2.4.50-7.oe1.aarch64.rpm
openldap-2.4.50-7.oe1.aarch64.rpm
openldap-debuginfo-2.4.50-7.oe1.aarch64.rpm
openldap-debugsource-2.4.50-7.oe1.aarch64.rpm
openldap-devel-2.4.50-7.oe1.aarch64.rpm
openldap-clients-2.4.50-7.oe1.aarch64.rpm
openldap-servers-2.4.50-7.oe1.aarch64.rpm
openldap-2.6.0-3.oe2203.aarch64.rpm
openldap-debuginfo-2.6.0-3.oe2203.aarch64.rpm
openldap-debugsource-2.6.0-3.oe2203.aarch64.rpm
openldap-devel-2.6.0-3.oe2203.aarch64.rpm
openldap-clients-2.6.0-3.oe2203.aarch64.rpm
openldap-servers-2.6.0-3.oe2203.aarch64.rpm
openldap-help-2.4.50-7.oe1.noarch.rpm
openldap-help-2.4.50-7.oe1.noarch.rpm
openldap-help-2.6.0-3.oe2203.noarch.rpm
openldap-2.4.50-7.oe1.src.rpm
openldap-2.4.50-7.oe1.src.rpm
openldap-2.6.0-3.oe2203.src.rpm
openldap-2.4.50-7.oe1.x86_64.rpm
openldap-debuginfo-2.4.50-7.oe1.x86_64.rpm
openldap-debugsource-2.4.50-7.oe1.x86_64.rpm
openldap-devel-2.4.50-7.oe1.x86_64.rpm
openldap-clients-2.4.50-7.oe1.x86_64.rpm
openldap-servers-2.4.50-7.oe1.x86_64.rpm
openldap-2.4.50-7.oe1.x86_64.rpm
openldap-debuginfo-2.4.50-7.oe1.x86_64.rpm
openldap-debugsource-2.4.50-7.oe1.x86_64.rpm
openldap-devel-2.4.50-7.oe1.x86_64.rpm
openldap-clients-2.4.50-7.oe1.x86_64.rpm
openldap-servers-2.4.50-7.oe1.x86_64.rpm
openldap-2.6.0-3.oe2203.x86_64.rpm
openldap-debuginfo-2.6.0-3.oe2203.x86_64.rpm
openldap-debugsource-2.6.0-3.oe2203.x86_64.rpm
openldap-devel-2.6.0-3.oe2203.x86_64.rpm
openldap-clients-2.6.0-3.oe2203.x86_64.rpm
openldap-servers-2.6.0-3.oe2203.x86_64.rpm
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.
2022-05-18
CVE-2022-29155
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
openldap security update
2022-05-18
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1654