SUSE-CU-2022:1161-1: Security update of suse/sle15

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Wed May 25 08:28:22 UTC 2022


SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1161-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.562
Container Release     : 4.22.562
Severity              : important
Type                  : security
References            : 1191157 1197004 1199240 CVE-2022-29155 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1832-1
Released:    Tue May 24 11:52:33 2022
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1191157,1197004,1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:

Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)


The following package changes have been done:

- libldap-2_4-2-2.4.46-150000.9.71.1 updated
- libldap-data-2.4.46-150000.9.71.1 updated


More information about the sle-security-updates mailing list