Updated openldap packages fix security vulnerabilities
Publication date: 15 Sep 2019
Modification date: 15 Sep 2019
Type: security
Affected Mageia releases: 6, 7
CVE: CVE-2019-13057, CVE-2019-13565
Description
Updated openldap packages fix security vulnerabilities:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations (CVE-2019-13057).

It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations (CVE-2019-13565).
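A log-hunting heuristic for the CVE-2019-13565 sequence described above (a successful simple bind on a connection that already completed a SASL bind), given as an added example that is not part of the advisory or of OpenLDAP itself. It assumes slapd `stats`-level log lines of the form `conn=N op=N BIND dn="..." method=N`, where method 163 is a SASL bind and 128 is a simple bind; the sample log lines, host name and DNs are constructed.

```python
import re

# Assumed slapd "stats" log format: method=163 is SASL, method=128 is simple.
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
SASL, SIMPLE = 163, 128

def simple_after_sasl(lines):
    """Return [(conn, op, dn)] for successful simple binds on connections
    that had already completed a SASL bind."""
    pending = {}        # (conn, op) -> (method, dn), waiting for its RESULT
    sasl_done = set()   # connection ids with a completed SASL bind
    findings = []
    for line in lines:
        m = BIND_RE.search(line)
        if m:
            pending[(int(m[1]), int(m[2]))] = (int(m[4]), m[3])
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        conn, op, err = int(m[1]), int(m[2]), int(m[3])
        method, dn = pending.pop((conn, op), (None, None))
        if err != 0:    # err=14 is saslBindInProgress; anything else failed
            continue
        if method == SASL:
            sasl_done.add(conn)
        elif method == SIMPLE and conn in sasl_done:
            findings.append((conn, op, dn))
    return findings

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = """\
Sep 15 10:00:01 ldap1 slapd[812]: conn=1001 op=0 BIND dn="" method=163
Sep 15 10:00:01 ldap1 slapd[812]: conn=1001 op=0 RESULT tag=97 err=14 text=
Sep 15 10:00:01 ldap1 slapd[812]: conn=1001 op=1 BIND dn="" method=163
Sep 15 10:00:01 ldap1 slapd[812]: conn=1001 op=1 RESULT tag=97 err=0 text=
Sep 15 10:00:02 ldap1 slapd[812]: conn=1001 op=2 BIND dn="cn=admin,dc=example,dc=com" method=128
Sep 15 10:00:02 ldap1 slapd[812]: conn=1001 op=2 RESULT tag=97 err=0 text=
Sep 15 10:00:05 ldap1 slapd[812]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Sep 15 10:00:05 ldap1 slapd[812]: conn=1002 op=0 RESULT tag=97 err=0 text=
Sep 15 10:00:09 ldap1 slapd[812]: conn=1003 op=0 BIND dn="" method=163
Sep 15 10:00:09 ldap1 slapd[812]: conn=1003 op=0 RESULT tag=97 err=0 text=
Sep 15 10:00:09 ldap1 slapd[812]: conn=1003 op=1 BIND dn="cn=admin,dc=example,dc=com" method=128
Sep 15 10:00:09 ldap1 slapd[812]: conn=1003 op=1 RESULT tag=97 err=49 text=
""".splitlines()

if __name__ == "__main__":
    for conn, op, dn in simple_after_sasl(SAMPLE_LOG):
        print(f"conn={conn} op={op}: simple bind as {dn!r} after SASL bind")
```

A hit is a lead for review on servers that ran an unpatched build, not proof of abuse: some clients legitimately rebind on an existing connection.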
References
SRPMS
7/core
- openldap-2.4.47-3.1.mga7
6/core
- openldap-2.4.45-2.1.mga6