Score:0

Are package security patches backported to older versions?


I see on cve.mitre.org that the OpenLDAP (slapd) package has plenty of vulnerabilities prior to 2.4.57.

If I want to install OpenLDAP from the official repositories on my Debian 10, the version is slapd/oldstable,oldstable 2.4.47+dfsg-3+deb10u6 amd64.

Are the security patches for those CVEs backported to this 2.4.47 version, or do I have to take the latest release (2.6.x) from the official website and install it from source to get rid of those CVEs?

Thank you.

Score:0

Usually packages are patched against security issues, regardless of their version. So if you see something like "A flaw was discovered in OpenLDAP before 2.4.57...", and you have 2.4.49 installed on your system, it doesn't necessarily (in most cases: it just doesn't) mean your server is vulnerable, provided, of course, your package came from the official Debian repository.

You can check if a package has a specific vulnerability patched on the Debian security bug tracker. There are links for checking the currently vulnerable packages, but you can search for a package or a CVE ID (at the bottom of the page), and check if a certain vulnerability is patched or not.

If you want to see a package, you should provide the source package, not the actual one you install. For example, for slapd, the source package is called openldap, so you should use that when listing vulnerabilities. The source of the given package can be queried with the following command:

apt-cache show (package) | grep Source:
A great thank you Sir.
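
An added example, not part of the answer above: a Python sketch of the source-package lookup followed by a per-release CVE status check. It also handles the case where `apt-cache show` prints no `Source:` line because the binary and source package share a name. The stanzas, the CVE placeholders, the fixed version and the package name `examplepkg` are constructed, and the JSON layout is an assumption modelled on the Debian security tracker's JSON export.

```python
import json

def source_package(stanza: str) -> str:
    """Return the source package name from one `apt-cache show` stanza."""
    fields = {}
    for line in stanza.splitlines():
        # Skip continuation lines (leading whitespace) and lines without a key.
        if line[:1].isspace() or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), value.strip())
    # "Source:" is omitted when source and binary names are identical, and
    # it may carry a version in parentheses: "Source: foo (1.2-3)".
    source = fields.get("Source", fields.get("Package", ""))
    return source.split(" (", 1)[0]

def cve_status(tracker: dict, source: str, release: str) -> dict:
    """Map each CVE listed for `source` to (status, fixed_version) in `release`."""
    result = {}
    for cve, entry in sorted(tracker.get(source, {}).items()):
        rel = entry.get("releases", {}).get(release)
        if rel is None:
            continue  # nothing recorded for this release
        result[cve] = (rel.get("status"), rel.get("fixed_version"))
    return result

# Constructed sample input (not real tracker data).
SLAPD_STANZA = """\
Package: slapd
Source: openldap
Version: 2.4.47+dfsg-3+deb10u6
Description: OpenLDAP server (slapd)
 continuation line: with a colon
"""
SAME_NAME_STANZA = "Package: examplepkg\nVersion: 0.0-constructed\n"
TRACKER_JSON = """
{"openldap": {
  "CVE-0000-0001": {"releases": {"buster":
      {"status": "resolved", "fixed_version": "0.0-constructed-fixed"}}},
  "CVE-0000-0002": {"releases": {"buster": {"status": "open"}}}
}}
"""

if __name__ == "__main__":
    src = source_package(SLAPD_STANZA)
    for cve, (status, fixed) in cve_status(json.loads(TRACKER_JSON), src, "buster").items():
        print(f"{src} {cve}: {status} (fixed in {fixed or 'n/a'})")
```

A `resolved` status only says which version carries the fix; compare it with the installed version using `dpkg --compare-versions`.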