Ubuntu Security Notice 5424-2 - USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database.
0e0e7d427185a4265212e9573a0d260655e14290d1cec821dc663cfb8913d341
==========================================================================
Ubuntu Security Notice USN-5424-2
May 19, 2022
openldap vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
OpenLDAP could be made to perform arbitrary modifications to the database.
Software Description:
- openldap: Lightweight Directory Access Protocol
Details:
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
the database.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
slapd 2.4.42+dfsg-2ubuntu3.13+esm1
Ubuntu 14.04 ESM:
slapd 2.4.31-1+nmu2ubuntu8.5+esm5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5424-2
https://ubuntu.com/security/notices/USN-5424-1
CVE-2022-29155