Lucene search
AmazonALAS2-2022-1796HistoryMay 20, 2022 - 10:39 p.m.
Critical: openldap
2022-05-2022:39:00
alas.aws.amazon.com
7
0.011 Low
EPSS
Percentile
84.4%
Issue Overview:
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. (CVE-2022-29155)
Affected Packages:
openldap
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update openldap to update your system.
New Packages:
aarch64:
openldap-servers-sql-2.4.44-23.amzn2.0.4.aarch64
i686:
openldap-servers-sql-2.4.44-23.amzn2.0.4.i686
x86_64:
openldap-servers-sql-2.4.44-23.amzn2.0.4.x86_64
Additional References
Red Hat: CVE-2022-29155
Mitre: CVE-2022-29155
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | openldap-servers-sql | < 2.4.44-23.amzn2.0.4 | openldap-servers-sql-2.4.44-23.amzn2.0.4.aarch64.rpm |
| Amazon Linux | 2 | i686 | openldap-servers-sql | < 2.4.44-23.amzn2.0.4 | openldap-servers-sql-2.4.44-23.amzn2.0.4.i686.rpm |
| Amazon Linux | 2 | x86_64 | openldap-servers-sql | < 2.4.44-23.amzn2.0.4 | openldap-servers-sql-2.4.44-23.amzn2.0.4.x86_64.rpm |
Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : openldap2 (SUSE-SU-2022:1670-1)
2022-05-17 00:00:00
EulerOS 2.0 SP10 : openldap (EulerOS-SA-2022-2166)
2022-07-29 00:00:00
EulerOS Virtualization 2.9.1 : openldap (EulerOS-SA-2022-2358)
2022-09-23 00:00:00
amazon
amazon
Critical: openldap
2023-02-17 00:02:00
Critical: openldap
2022-05-20 22:13:00
Critical: openldap
2023-02-17 00:12:00
osv
osv
openldap vulnerability
2022-05-17 11:47:37
BIT-openldap-2022-29155
2024-03-06 10:59:57
openldap - security update
2022-05-20 00:00:00
veracode
veracode
SQL Injection
2022-06-13 13:35:11
cve
cve
CVE-2022-29155
2022-05-04 20:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2358)
2022-09-26 00:00:00
Huawei EulerOS: Security Advisory for compat-openldap (EulerOS-SA-2022-1885)
2022-06-17 00:00:00
Huawei EulerOS: Security Advisory for openldap (EulerOS-SA-2022-2628)
2022-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2022-29155
2022-05-04 00:00:00
debian
debian
[SECURITY] [DSA 5140-1] openldap security update
2022-05-19 20:01:57
[SECURITY] [DLA 3017-1] openldap security update
2022-05-24 12:09:30
prion
prion
Sql injection
2022-05-04 20:15:00
redhatcve
redhatcve
CVE-2022-29155
2022-05-05 03:55:44
cbl_mariner
cbl_mariner
CVE-2022-29155 affecting package openldap 2.4.57-3
2022-01-26 22:53:40
CVE-2022-29155 affecting package openldap for versions less than 2.4.57-7
2022-06-26 03:29:34
photon
photon
Critical Photon OS Security Update - PHSA-2022-0396
2022-05-23 00:00:00
Critical Photon OS Security Update - PHSA-2022-0188
2022-05-22 00:00:00
Critical Photon OS Security Update - PHSA-2022-4.0-0188
2022-05-22 00:00:00
cvelist
cvelist
CVE-2022-29155
2022-05-04 19:06:09
debiancve
debiancve
CVE-2022-29155
2022-05-04 20:15:00
cloudfoundry
cloudfoundry
USN-5424-1: OpenLDAP vulnerability | Cloud Foundry
2022-07-29 00:00:00
suse
suse
Security update for openldap2 (important)
2022-05-16 00:00:00
mageia
mageia
Updated openldap packages fix security vulnerability
2022-05-25 21:46:18
alpinelinux
alpinelinux
CVE-2022-29155
2022-05-04 20:15:00
redos
redos
ROS-20230807-01
2023-08-07 00:00:00
ubuntu
ubuntu
OpenLDAP vulnerability
2022-05-19 00:00:00
OpenLDAP vulnerability
2022-05-17 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00