Advisories » MGASA-2019-0280

Updated openldap packages fix security vulnerabilities

Publication date: 15 Sep 2019
Modification date: 15 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-13057 , CVE-2019-13565

Description

Updated openldap packages fix security vulnerabilities:
It was discovered that OpenLDAP incorrectly handled rootDN delegation.
A database administrator could use this issue to request authorization
as an identity from another database, contrary to expectations
(CVE-2019-13057).

It was discovered that OpenLDAP incorrectly handled SASL authentication
and session encryption. After a first SASL bind was completed, it was
possible to obtain access by performing simple binds, contrary to
expectations (CVE-2019-13565).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25286
• https://usn.ubuntu.com/4078-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565

SRPMS

7/core

• openldap-2.4.47-3.1.mga7

6/core

• openldap-2.4.45-2.1.mga6