Does packages security patches are backported to older version?

Stormrice

4/2/23, 10:27 AM

I see on cve.mitre.org that OpenLDAP (slapd) package have plenty of vulnerabilities prior to 2.4.57.

If I want to install OpenLDAP from official repositories on my Debian 10, which version is slapd/oldstable,oldstable 2.4.47+dfsg-3+deb10u6 amd64.

Do the security patches for those CVE are backported to this 2.4.47 version, or do I have to take the latest release (2.6.x) from the offcial website, and install it from the source to get rid of those CVE ?

Thank you.

0 + 0

security

debian

openldap

patch-management

slapd

Score:0

Server

Lacek

4/2/23, 11:26 AM

Usually packages are patched against security issues, regardless of their version. So if you see something like "A flaw was discovered in OpenLDAP before 2.4.57...", and you have 2.4.49 installed on your system, it doesn't necessarily (in most cases: it just doesn't) mean your server is vulnerable, provided, of course, your package came from the official Debian repository.

You can check if a package has a specific vulnerability patched on the Debian security bug tracker. There are links for checking the currently vulnerable packages, but you can search for a package or a CVE ID (at the bottom of the page), and check if a certain vulnerability is patched or not.

If you want to see a package, you should provide the source package, not the actual one you install. For example, for slapd, the source package is called openldap, so you should use that when listing vulnerabilities. The source of the given package can be queried with the following command:

apt-cache show (package) | grep Source:

0 + 0

Stormrice

4/2/23, 11:41 AM

A great thank you Sir.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Does packages security patches are backported to older version?

TH: แพตช์การรักษาความปลอดภัยของแพ็คเกจมีการย้อนกลับเป็นเวอร์ชันที่เก่ากว่าหรือไม่

RO: Patch-urile de securitate ale pachetelor sunt backportate la o versiune mai veche?

RU: Переносятся ли исправления безопасности пакетов на более раннюю версию?

VI: Các bản vá bảo mật của gói có được nhập vào phiên bản cũ hơn không?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.