Description
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
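The difference between the flawed check and the RFC 6125 rule, as an added example (not libldap's code, and not taken from this advisory). The struct, the function names and the sample certificate are constructed for illustration, and wildcard handling is simplified to a single left-most label.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for the names parsed out of a server certificate. */
struct cert_names {
    const char *cn;          /* subject Common Name, or NULL */
    const char *san_dns[4];  /* subjectAltName dNSName entries */
    size_t san_count;
};

/* Constructed sample: CN names the LDAP host, the SAN names another host. */
const struct cert_names SAMPLE_CERT = {
    "ldap.example.com", { "other.example.net" }, 1
};

/* Case-insensitive match; "*." covers exactly one non-empty left-most label. */
static bool name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *dot = strchr(host, '.');
        return dot != NULL && dot != host && strcasecmp(pattern + 1, dot) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

static bool san_matches(const struct cert_names *c, const char *host)
{
    for (size_t i = 0; i < c->san_count; i++)
        if (name_matches(c->san_dns[i], host))
            return true;
    return false;
}

/* Flawed behaviour described above: CN is consulted after the SAN fails. */
bool verify_host_flawed(const struct cert_names *c, const char *host)
{
    if (san_matches(c, host))
        return true;
    return c->cn != NULL && name_matches(c->cn, host);
}

/* RFC 6125 rule: if dNSName SANs are present, the CN is never checked. */
bool verify_host_rfc6125(const struct cert_names *c, const char *host)
{
    if (c->san_count > 0)
        return san_matches(c, host);
    return c->cn != NULL && name_matches(c->cn, host);
}
```
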
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | openldap | Out of support scope | | |
| Red Hat Enterprise Linux 5 | openldap24-libs | Out of support scope | | |
| Red Hat Enterprise Linux 6 | compat-openldap | Out of support scope | | |
| Red Hat Enterprise Linux 6 | openldap | Out of support scope | | |
| Red Hat Enterprise Linux 7 | compat-openldap | Fix deferred | | |
| Red Hat Enterprise Linux 7 | openldap | Fix deferred | | |
| Red Hat Enterprise Linux 8 | openldap | Fixed | RHBA-2019:3674 | 05.11.2019 |
Additional information
Status:
EPSS
CVSS3: 4.2 Medium