openSUSE Security Update: Security update for kanidm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0294-1 Rating: moderate References: #1191031 #1194119 #1196972 #1210356 Cross-References: CVE-2021-45710 CVE-2022-24713 CVE-2023-26964 CVSS scores: CVE-2021-45710 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2023-26964 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for kanidm fixes the following issues: - kanidm version 1.3.3~git0.f075d13: * Release 1.3.3 * Mail substr index (#2981) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-294=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 x86_64): kanidm-1.3.3~git0.f075d13-bp156.4.1 kanidm-clients-1.3.3~git0.f075d13-bp156.4.1 kanidm-docs-1.3.3~git0.f075d13-bp156.4.1 kanidm-server-1.3.3~git0.f075d13-bp156.4.1 kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1 References: https://www.suse.com/security/cve/CVE-2021-45710.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2023-26964.html https://bugzilla.suse.com/1191031 https://bugzilla.suse.com/1194119 https://bugzilla.suse.com/1196972 https://bugzilla.suse.com/1210356