SUSE: 2022:1161-1 suse/sle15 Security Update
Summary
Advisory ID: SUSE-SU-2022:1832-1 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Type: security Severity: important
References
References : 1191157 1197004 1199240 CVE-2022-29155
1191157,1197004,1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
The following package changes have been done:
- libldap-2_4-2-2.4.46-150000.9.71.1 updated
- libldap-data-2.4.46-150000.9.71.1 updated