An update that solves one vulnerability and has one errata
is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl
client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 2.0.16~git20.219f047ae:
- Fix missing ‘not’ in description
- CI - makes replication/acceptance_test.py::test_modify_entry more
robust
- fix repl keep alive event interval
- Sync_repl may crash while managing invalid cookie
- Hostname when set to localhost causing failures in other tests
- lib389 - do not set backend name to lowercase
- keep alive update event starts too soon
- Fix various memory leaks
- UI - LDAP Editor is not updated when we switch instances
- Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
- UI - Various fixes and RFE’s for UI
- Remove problematic language from source code
- CI - disable TLS hostname checking
- Update npm and cargo packages
- Support ECDSA private keys for TLS
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3286=1
-
SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286=1