Debian 10261 Published by

An openldap security update has been released for Debian GNU/Linux 8 Extended LTS to address a SQL injection vulnerability.



ELA-618-1 openldap security update

Package openldap
Version 2.4.40+dfsg-1+deb8u11
Related CVEs CVE-2022-29155

Jacek Konieczny discovered a SQL injection vulnerability in the back-sql backend to slapd in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, allowing an attacker to alter the database during an LDAP search operations when a specially crafted search filter is processed.

For Debian 8 jessie, these problems have been fixed in version 2.4.40+dfsg-1+deb8u11.

We recommend that you upgrade your openldap packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-618-1 openldap security update