File _patchinfo of Package patchinfo.25471

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.25471

<patchinfo incident="25471">
  <issue tracker="bnc" id="1202470">VUL-0: CVE-2022-2850: 389-ds: SIGSEGV in sync_repl</issue>
  <issue tracker="cve" id="2022-2850"/>
  <issue tracker="bnc" id="1197998">L3: sudo maintenance update to sudo-1.8.27-4.18.1 broke LDAP query sudo rules for windbind connected AD user.</issue>
  <packager>firstyear</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for 389-ds</summary>
  <description>This update for 389-ds fixes the following issues:

- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).

Non-security fixes:

- Update to version 2.0.16~git20.219f047ae:
  * Fix missing 'not' in description
  * CI - makes replication/acceptance_test.py::test_modify_entry more robust
  * fix repl keep alive event interval
  * Sync_repl may crash while managing invalid cookie
  * Hostname when set to localhost causing failures in other tests
  * lib389 - do not set backend name to lowercase
  * keep alive update event starts too soon
  * Fix various memory leaks
  * UI - LDAP Editor is not updated when we switch instances
  * Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
  * UI - Various fixes and RFE's for UI
  * Remove problematic language from source code
  * CI - disable TLS hostname checking
  * Update npm and cargo packages
  * Support ECDSA private keys for TLS
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.25471

Places