{"affected":[{"ecosystem_specific":{"binaries":[{"libldap-2_4-2":"2.4.46-lp151.10.3.1","libldap-2_4-2-32bit":"2.4.46-lp151.10.3.1","libldap-data":"2.4.46-lp151.10.3.1","openldap2":"2.4.46-lp151.10.3.1","openldap2-back-meta":"2.4.46-lp151.10.3.1","openldap2-back-perl":"2.4.46-lp151.10.3.1","openldap2-back-sock":"2.4.46-lp151.10.3.1","openldap2-back-sql":"2.4.46-lp151.10.3.1","openldap2-client":"2.4.46-lp151.10.3.1","openldap2-contrib":"2.4.46-lp151.10.3.1","openldap2-devel":"2.4.46-lp151.10.3.1","openldap2-devel-32bit":"2.4.46-lp151.10.3.1","openldap2-devel-static":"2.4.46-lp151.10.3.1","openldap2-doc":"2.4.46-lp151.10.3.1","openldap2-ppolicy-check-password":"1.2-lp151.10.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"openldap2","purl":"pkg:rpm/opensuse/openldap2&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.46-lp151.10.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for openldap2 fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194).\n- CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273).\n- CVE-2017-17740: When both the nops module and the member of overlay\n  are enabled, attempts to free a buffer that was allocated on the stack,\n  which allows remote attackers to cause a denial of service (slapd crash)\n  via a member MODDN operation. (bsc#1073313)\n\nNon-security issues fixed:\n\n- Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845).\n- Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388)\n- Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388).\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:2157-1","modified":"2019-09-23T18:19:38Z","published":"2019-09-23T18:19:38Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/46KFS6OC36UWKEJS7D2YUROL2323KWEB/#46KFS6OC36UWKEJS7D2YUROL2323KWEB"},{"type":"REPORT","url":"https://bugzilla.suse.com/1073313"},{"type":"REPORT","url":"https://bugzilla.suse.com/1111388"},{"type":"REPORT","url":"https://bugzilla.suse.com/1114845"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143194"},{"type":"REPORT","url":"https://bugzilla.suse.com/1143273"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-17740"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13057"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-13565"}],"related":["CVE-2017-17740","CVE-2019-13057","CVE-2019-13565"],"summary":"Security update for openldap2","upstream":["CVE-2017-17740","CVE-2019-13057","CVE-2019-13565"]}