Security update for 389-ds SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1100-1 Final 1 1 2022-04-04T11:00:18Z current 2022-04-04T11:00:18Z 2022-04-04T11:00:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for 389-ds This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275). - CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345). - Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068) - Resolved multiple index migration bug (bsc#1194084) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-1100,SUSE-SLE-Module-Server-Applications-15-SP3-2022-1100 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221100-1/ Link for SUSE-SU-2022:1100-1 https://lists.suse.com/pipermail/sle-security-updates/2022-April/010649.html E-Mail link for SUSE-SU-2022:1100-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1194068 SUSE Bug 1194068 https://bugzilla.suse.com/1194084 SUSE Bug 1194084 https://bugzilla.suse.com/1197275 SUSE Bug 1197275 https://bugzilla.suse.com/1197345 SUSE Bug 1197345 https://www.suse.com/security/cve/CVE-2022-0918/ SUSE CVE CVE-2022-0918 page https://www.suse.com/security/cve/CVE-2022-0996/ SUSE CVE CVE-2022-0996 page SUSE Linux Enterprise Module for Server Applications 15 SP3 389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-snmp-1.4.4.19~git28.b12c72226-150300.3.12.1 lib389-1.4.4.19~git28.b12c72226-150300.3.12.1 libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 lib389-1.4.4.19~git28.b12c72226-150300.3.12.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. CVE-2022-0918 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221100-1/ https://www.suse.com/security/cve/CVE-2022-0918.html CVE-2022-0918 https://bugzilla.suse.com/1197275 SUSE Bug 1197275 A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. CVE-2022-0996 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git28.b12c72226-150300.3.12.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221100-1/ https://www.suse.com/security/cve/CVE-2022-0996.html CVE-2022-0996 https://bugzilla.suse.com/1197345 SUSE Bug 1197345