Advisories ยป MGASA-2019-0280

Updated openldap packages fix security vulnerabilities

Publication date: 15 Sep 2019
Modification date: 15 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-13057 , CVE-2019-13565

Description

Updated openldap packages fix security vulnerabilities:
It was discovered that OpenLDAP incorrectly handled rootDN delegation.
A database administrator could use this issue to request authorization
as an identity from another database, contrary to expectations
(CVE-2019-13057).

It was discovered that OpenLDAP incorrectly handled SASL authentication
and session encryption. After a first SASL bind was completed, it was
possible to obtain access by performing simple binds, contrary to
expectations (CVE-2019-13565).
                

References

SRPMS

7/core

6/core