An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1654 Final 1.0 1.0 2022-05-18 Initial 2022-05-18 2022-05-18 openEuler SA Tool V1.0 2022-05-18 openldap security update An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. Security Fix(es): In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.(CVE-2022-29155) An update for openldap is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical openldap https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1654 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29155 https://nvd.nist.gov/vuln/detail/CVE-2022-29155 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openldap-2.4.50-7.oe1.aarch64.rpm openldap-debuginfo-2.4.50-7.oe1.aarch64.rpm openldap-debugsource-2.4.50-7.oe1.aarch64.rpm openldap-devel-2.4.50-7.oe1.aarch64.rpm openldap-clients-2.4.50-7.oe1.aarch64.rpm openldap-servers-2.4.50-7.oe1.aarch64.rpm openldap-2.4.50-7.oe1.aarch64.rpm openldap-debuginfo-2.4.50-7.oe1.aarch64.rpm openldap-debugsource-2.4.50-7.oe1.aarch64.rpm openldap-devel-2.4.50-7.oe1.aarch64.rpm openldap-clients-2.4.50-7.oe1.aarch64.rpm openldap-servers-2.4.50-7.oe1.aarch64.rpm openldap-2.6.0-3.oe2203.aarch64.rpm openldap-debuginfo-2.6.0-3.oe2203.aarch64.rpm openldap-debugsource-2.6.0-3.oe2203.aarch64.rpm openldap-devel-2.6.0-3.oe2203.aarch64.rpm openldap-clients-2.6.0-3.oe2203.aarch64.rpm openldap-servers-2.6.0-3.oe2203.aarch64.rpm openldap-help-2.4.50-7.oe1.noarch.rpm openldap-help-2.4.50-7.oe1.noarch.rpm openldap-help-2.6.0-3.oe2203.noarch.rpm openldap-2.4.50-7.oe1.src.rpm openldap-2.4.50-7.oe1.src.rpm openldap-2.6.0-3.oe2203.src.rpm openldap-2.4.50-7.oe1.x86_64.rpm openldap-debuginfo-2.4.50-7.oe1.x86_64.rpm openldap-debugsource-2.4.50-7.oe1.x86_64.rpm openldap-devel-2.4.50-7.oe1.x86_64.rpm openldap-clients-2.4.50-7.oe1.x86_64.rpm openldap-servers-2.4.50-7.oe1.x86_64.rpm openldap-2.4.50-7.oe1.x86_64.rpm openldap-debuginfo-2.4.50-7.oe1.x86_64.rpm openldap-debugsource-2.4.50-7.oe1.x86_64.rpm openldap-devel-2.4.50-7.oe1.x86_64.rpm openldap-clients-2.4.50-7.oe1.x86_64.rpm openldap-servers-2.4.50-7.oe1.x86_64.rpm openldap-2.6.0-3.oe2203.x86_64.rpm openldap-debuginfo-2.6.0-3.oe2203.x86_64.rpm openldap-debugsource-2.6.0-3.oe2203.x86_64.rpm openldap-devel-2.6.0-3.oe2203.x86_64.rpm openldap-clients-2.6.0-3.oe2203.x86_64.rpm openldap-servers-2.6.0-3.oe2203.x86_64.rpm In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. 2022-05-18 CVE-2022-29155 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H openldap security update 2022-05-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1654