First published: Tue Jul 30 2019
It was discovered that OpenLDAP incorrectly handled rootDN delegation. A database administrator could use this issue to request authorization as an identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and session encryption. After a first SASL bind was completed, it was possible to obtain access by performing simple binds, contrary to expectations. (CVE-2019-13565)
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/slapd | 19.04 | <2.4.47+dfsg-3ubuntu2.1 | 2.4.47+dfsg-3ubuntu2.1 |
ubuntu/slapd | 18.04 | <2.4.45+dfsg-1ubuntu1.3 | 2.4.45+dfsg-1ubuntu1.3 |
ubuntu/slapd | 16.04 | <2.4.42+dfsg-2ubuntu3.6 | 2.4.42+dfsg-2ubuntu3.6 |
The vulnerability ID for this OpenLDAP vulnerability is CVE-2019-13057.
The severity of CVE-2019-13057 has not been provided in the USN.
The remedy for this OpenLDAP vulnerability in Ubuntu 19.04 is to update to version 2.4.47+dfsg-3ubuntu2.1 or later.
The remedy for this OpenLDAP vulnerability in Ubuntu 18.04 is to update to version 2.4.45+dfsg-1ubuntu1.3 or later.
The remedy for this OpenLDAP vulnerability in Ubuntu 16.04 is to update to version 2.4.42+dfsg-2ubuntu3.6 or later.
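The fixed versions above only help if they are compared using Debian version ordering, since a plain string comparison ranks a revision such as 1ubuntu1.10 below 1ubuntu1.3. The following is an added example, not part of the advisory: it reimplements that ordering (on a host, `dpkg --compare-versions` performs the same comparison) and flags inventory rows older than the fix. The hostnames and installed versions are constructed and the function names are hypothetical.

```python
import re

# Fixed slapd versions per Ubuntu release, from the advisory table.
FIXED = {"19.04": "2.4.47+dfsg-3ubuntu2.1",
         "18.04": "2.4.45+dfsg-1ubuntu1.3",
         "16.04": "2.4.42+dfsg-2ubuntu3.6"}

def _order(ch):
    # Weight of a non-digit character: '~' sorts first, letters before punctuation.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare an upstream or revision string as alternating text and number runs.
    while a or b:
        ta, a = re.match(r"([^0-9]*)(.*)", a, re.S).groups()
        tb, b = re.match(r"([^0-9]*)(.*)", b, re.S).groups()
        for i in range(max(len(ta), len(tb))):
            wa = _order(ta[i]) if i < len(ta) else 0  # 0 = end of the text run
            wb = _order(tb[i]) if i < len(tb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        na, a = re.match(r"([0-9]*)(.*)", a, re.S).groups()
        nb, b = re.match(r"([0-9]*)(.*)", b, re.S).groups()
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def compare(v1, v2):
    # Debian ordering: epoch first, then upstream version, then revision.
    keys = []
    for v in (v1, v2):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        keys.append((int(epoch), upstream, rev))
    (e1, u1, r1), (e2, u2, r2) = keys
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, installed):
    # True when the installed slapd is older than the fixed version for the release.
    return compare(installed, FIXED[release]) < 0

# Constructed inventory rows: (hostname, Ubuntu release, installed slapd version).
INVENTORY = [("ldap-a", "18.04", "2.4.45+dfsg-1ubuntu1.2"),
             ("ldap-b", "18.04", "2.4.45+dfsg-1ubuntu1.10"),
             ("ldap-c", "16.04", "2.4.42+dfsg-2ubuntu3.6"),
             ("ldap-d", "19.04", "2.4.47+dfsg-3ubuntu2")]

def unpatched(inventory):
    return [host for host, rel, ver in inventory if needs_update(rel, ver)]
```

Calling `unpatched(INVENTORY)` returns the hosts still below the fixed version; a release missing from `FIXED` raises `KeyError` rather than being silently treated as patched.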