389-ds-2.1.1~git22.faef73366-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12113-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z 389-ds-2.1.1~git22.faef73366-1.1 on GA media These are all security issues fixed in the 389-ds-2.1.1~git22.faef73366-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12113 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1949/ SUSE CVE CVE-2022-1949 page openSUSE Tumbleweed 389-ds-2.1.1~git22.faef73366-1.1 389-ds-devel-2.1.1~git22.faef73366-1.1 389-ds-snmp-2.1.1~git22.faef73366-1.1 lib389-2.1.1~git22.faef73366-1.1 libsvrcore0-2.1.1~git22.faef73366-1.1 389-ds-2.1.1~git22.faef73366-1.1 as a component of openSUSE Tumbleweed 389-ds-devel-2.1.1~git22.faef73366-1.1 as a component of openSUSE Tumbleweed 389-ds-snmp-2.1.1~git22.faef73366-1.1 as a component of openSUSE Tumbleweed lib389-2.1.1~git22.faef73366-1.1 as a component of openSUSE Tumbleweed libsvrcore0-2.1.1~git22.faef73366-1.1 as a component of openSUSE Tumbleweed An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. CVE-2022-1949 openSUSE Tumbleweed:389-ds-2.1.1~git22.faef73366-1.1 openSUSE Tumbleweed:389-ds-devel-2.1.1~git22.faef73366-1.1 openSUSE Tumbleweed:389-ds-snmp-2.1.1~git22.faef73366-1.1 openSUSE Tumbleweed:lib389-2.1.1~git22.faef73366-1.1 openSUSE Tumbleweed:libsvrcore0-2.1.1~git22.faef73366-1.1 important 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1949.html CVE-2022-1949 https://bugzilla.suse.com/1199889 SUSE Bug 1199889