USN-5424-1: OpenLDAP vulnerability
17 May 2022
OpenLDAP could be made to perform arbitrary modifications to the database.
- openldap - Lightweight Directory Access Protocol
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
- USN-5424-2: slapd-smbk5pwd, libldap-2.4-2, openldap, slapd, ldap-utils, libldap2-dev