USN-5424-2: OpenLDAP vulnerability
19 May 2022
OpenLDAP could be made to perform arbitrary modifications to the database.
- openldap - Lightweight Directory Access Protocol
USN-5424-1 fixed a vulnerability in OpenLDAP. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that OpenLDAP incorrectly handled certain SQL statements
within LDAP queries in the experimental back-sql backend. A remote attacker
could possibly use this issue to perform an SQL injection attack and alter
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
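To gauge exposure before or after updating, the check below scans slapd configuration files for lines that enable the back-sql backend named in the advisory. It is an added example, not part of the Ubuntu notice or of OpenLDAP; the function name, the regular expression and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag slapd configuration lines that enable back-sql.
# Covers slapd.conf directives and cn=config LDIF attributes. Every pattern
# is anchored at column 0, so commented-out lines do not match.
BACK_SQL_RE='^(database[[:space:]]+sql([[:space:]]|$)'
BACK_SQL_RE="$BACK_SQL_RE"'|moduleload[[:space:]]+([^[:space:]]*/)?back_sql'
BACK_SQL_RE="$BACK_SQL_RE"'|olcDatabase:[[:space:]]*(\{-?[0-9]+\})?sql[[:space:]]*$'
BACK_SQL_RE="$BACK_SQL_RE"'|olcModuleLoad:[[:space:]]*(\{[0-9]+\})?([^[:space:]]*/)?back_sql)'

# scan_back_sql FILE...
# Prints "file:line:text" for each hit; returns 0 if any hit, 1 if none.
# Unreadable files are skipped rather than treated as hits.
scan_back_sql() {
    hits=$(grep -EiHn -- "$BACK_SQL_RE" "$@" 2>/dev/null || true)
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Constructed sample configurations (not taken from any real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/slapd.conf" <<'EOF'
# database sql   (commented out, must not match)
moduleload back_sql.la
database sql
suffix "dc=example,dc=com"
EOF
cat > "$demo_dir/mdb.ldif" <<'EOF'
dn: olcDatabase={1}mdb,cn=config
olcDatabase: {1}mdb
olcSuffix: dc=example,dc=com
EOF

for f in "$demo_dir"/*; do
    if scan_back_sql "$f"; then
        echo "back-sql enabled in: $f"
    else
        echo "no back-sql in: $f"
    fi
done
```

On Ubuntu the files to pass in are usually `/etc/ldap/slapd.conf` or the LDIF files under `/etc/ldap/slapd.d`; a server with no hits does not use the affected backend, though the package update still applies.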
- USN-5424-1: ldap-utils, libldap-2.4-2, slapd-contrib, libldap-dev, libldap2-dev, libldap-common, libldap-2.5-0, slapd-smbk5pwd, slapi-dev, openldap, slapd