An update that solves one vulnerability and has one errata
is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl
client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 1.4.4.19~git46.c900a28c8:
- CI - makes replication/acceptance_test.py::test_modify_entry more
robust
- UI - LDAP Editor is not updated when we switch instances
- Improvements to openldap import with password policy present
(bsc#1199908)
- Update to version 1.4.4.19~git43.8ba2ea21f:
- fix covscan
- BUG - pid file handling
- Memory leak in slapi_ldap_get_lderrno
- Need a compatibility option about sub suffix handling
- Release tarballs don’t contain cockpit webapp
- Replication broken after password change
- Harden ReplicationManager.wait_for_replication
- dscontainer: TypeError: unsupported operand type(s) for /: ‘str’ and
‘int’
- CLI - dsconf backend export breaks with multiple backends
- CLI - improve task handling
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3029=1
-
SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029=1