{"affected":[{"ecosystem_specific":{"binaries":[{"389-ds":"1.4.4.19~git46.c900a28c8-150300.3.22.1","389-ds-devel":"1.4.4.19~git46.c900a28c8-150300.3.22.1","lib389":"1.4.4.19~git46.c900a28c8-150300.3.22.1","libsvrcore0":"1.4.4.19~git46.c900a28c8-150300.3.22.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP3","name":"389-ds","purl":"pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.4.19~git46.c900a28c8-150300.3.22.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"389-ds":"1.4.4.19~git46.c900a28c8-150300.3.22.1","389-ds-devel":"1.4.4.19~git46.c900a28c8-150300.3.22.1","389-ds-snmp":"1.4.4.19~git46.c900a28c8-150300.3.22.1","lib389":"1.4.4.19~git46.c900a28c8-150300.3.22.1","libsvrcore0":"1.4.4.19~git46.c900a28c8-150300.3.22.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"389-ds","purl":"pkg:rpm/opensuse/389-ds&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.4.19~git46.c900a28c8-150300.3.22.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for 389-ds fixes the following issues:\n\n- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).\n\nNon-security fixes:\n\n- Update to version 1.4.4.19~git46.c900a28c8:\n  * CI - makes replication/acceptance_test.py::test_modify_entry more robust\n  * UI - LDAP Editor is not updated when we switch instances\n- Improvements to openldap import with password policy present (bsc#1199908)\n- Update to version 1.4.4.19~git43.8ba2ea21f:\n  * fix covscan\n  * BUG - pid file handling\n  * Memory leak in slapi_ldap_get_lderrno\n  * Need a compatibility option about sub suffix handling\n  * Release tarballs don't contain cockpit webapp\n  * Replication broken after password change\n  * Harden ReplicationManager.wait_for_replication\n  * dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'\n  * CLI - dsconf backend export breaks with multiple backends\n  * CLI - improve task handling\n","id":"SUSE-SU-2022:3029-1","modified":"2022-09-05T14:41:44Z","published":"2022-09-05T14:41:44Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223029-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199908"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202470"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-2850"}],"related":["CVE-2022-2850"],"summary":"Security update for 389-ds","upstream":["CVE-2022-2850"]}