You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa openldap

Sigurnosni nedostaci programskog paketa openldap

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4078-1
July 30, 2019

openldap vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenLDAP.

Software Description:
– openldap: OpenLDAP utilities

Details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
slapd 2.4.47+dfsg-3ubuntu2.1

Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.3

Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4078-1
CVE-2019-13057, CVE-2019-13565

Package Information:
https://launchpad.net/ubuntu/+source/openldap/2.4.47+dfsg-3ubuntu2.1
https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.3
https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.6

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl1AlrsACgkQZWnYVadE
vpMjPw/+Pgkd+ovKXSUYUwfhDBXAbvPhCLPfCrgtNiIUB3VUaBiQjP4DcD7+eFlV
2/PJd3PsX1p21YcUezB3oF84Nz6nIIbgg/Midv2HAITdVdNmFKPxwNvJ/czSDxDJ
nKyKz60texWSXDp34IxJT1Kx9VhkiS0dhcl769CaNZAprOmHch0k6vh1HJOJXQ/O
8L4znbCSu5St2qVM2gq2MJvZZugXrqz8VEORApBfD5QLX9EzFcvLrKBaVslVx57H
OnYyKfKOKZVW/tkPdc9UMqcRcfopqyYzf1MEKA+pXakF2fnkOMNECTYV5a4g/MfD
UWfPbZXp9vnlq1AhXhTJn5cccAFXGpVpD9dwa25oieIQj0DoFgw23BzXA5wFt3kL
ZHG/dpU/sZo8XcnXFN15iT5tcTiwlUKQzteK1NPeqaI2AiU5JgA3THTOVV4NgLZ4
8uHIRY6Rkf30Dih4ouatbUaSega8n8MfEILe33rp2w/CoceHs3xr/YGeXaS/MKTs
wP8i8qm2xuc0fUV1Gp5IKFADmKVIcAVmrOpRBLeKKO6tQ0U3UkwJXzJUm3rfzsma
JjJypr/C8QFgMfYq/RJnJsrNHhKg/0suAy9ZS6wlz9F8h/MhzFPy8USWie+ByIPP
SPxcn8WMCHBfRrULKYbG8SxHzbiFBuSn6yg9tD9ADoB6F1zqIbo=
=LMyU
—–END PGP SIGNATURE—–

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci jezgre operacijskog sustava

Otkriveni su sigurnosni nedostaci jezgre operacijskog sustava RHEL. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja, izvršavanje proizvoljnog programskog koda,...

Close