Security: Execution of arbitrary commands in OpenLDAP
Name: Execution of arbitrary commands in OpenLDAP
ID: USN-5424-1
Distribution: Ubuntu
Platforms: Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 21.10, Ubuntu 22.04 LTS
Date: Wed, 18 May 2022, 07:22
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155
Applications: OpenLDAP
Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <5896fa17-acf1-9d22-4a82-29ea26a7a5b5@canonical.com>
Subject: [USN-5424-1] OpenLDAP vulnerability
==========================================================================
Ubuntu Security Notice USN-5424-1
May 17, 2022

openldap vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenLDAP could be made to perform arbitrary modifications to the database.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04 LTS: slapd 2.5.11+dfsg-1~exp1ubuntu3.1
Ubuntu 21.10: slapd 2.5.6+dfsg-1~exp1ubuntu1.1
Ubuntu 20.04 LTS: slapd 2.4.49+dfsg-2ubuntu1.9
Ubuntu 18.04 LTS: slapd 2.4.45+dfsg-1ubuntu1.11
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5424-1
CVE-2022-29155

Package Information:
https://launchpad.net/ubuntu/+source/openldap/2.5.11+dfsg-1~exp1ubuntu3.1
https://launchpad.net/ubuntu/+source/openldap/2.5.6+dfsg-1~exp1ubuntu1.1
https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.9
https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.11
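
An added example, not part of the Ubuntu notice: a check of an installed slapd version against the fixed versions listed under "Update instructions", following the Debian version ordering rules. In that ordering the `~` in `1~exp1ubuntu3.1` sorts before everything and digit runs compare numerically, so a plain string comparison gives wrong answers. The function names and the release keys in `FIXED` are assumptions of this example.

```python
import re
from itertools import zip_longest
# Fixed slapd versions per Ubuntu release, copied from USN-5424-1 above.
FIXED = {
    "22.04": "2.5.11+dfsg-1~exp1ubuntu3.1",
    "21.10": "2.5.6+dfsg-1~exp1ubuntu1.1",
    "20.04": "2.4.49+dfsg-2ubuntu1.9",
    "18.04": "2.4.45+dfsg-1ubuntu1.11",
}
_RUNS = re.compile(r"([^0-9]*)([0-9]*)")  # (non-digit run, digit run) pairs

def _weight(ch):
    """Weight inside a non-digit run: '~' < end of run ('') < letters < symbols."""
    special = {"~": -1, "": 0}
    return special[ch] if ch in special else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    pairs = zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in pairs:
        for ca, cb in zip_longest(text_a, text_b, fillvalue=""):
            if _weight(ca) != _weight(cb):
                return -1 if _weight(ca) < _weight(cb) else 1
        na, nb = int(num_a or 0), int(num_b or 0)  # digit runs compare numerically
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    head, sep, tail = version.partition(":")
    epoch, rest = (int(head), tail) if sep else (0, version)
    head, sep, tail = rest.rpartition("-")
    upstream, revision = (head, tail) if sep else (rest, "")
    return epoch, upstream, revision

def compare_versions(a, b):
    """Order two package versions by the Debian rules: -1, 0 or 1."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed slapd version is at or past the USN-5424-1 fix."""
    return compare_versions(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    print(is_patched("18.04", "2.4.45+dfsg-1ubuntu1.9"))  # constructed installed version
```

The installed version to pass in is the one `dpkg-query -W -f='${Version}' slapd` reports on the host.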