SUSE-SU-2018:4150-1

Опубликовано: 17 дек. 2018

Источник: suse-cvrf

Описание

Security update for openldap2

This update for openldap2 fixes the following issues:

Security issue fixed:

CVE-2017-17740: When both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Desktop 12 SP4

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Server 12 SP3

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-2.4.41-18.43.1

openldap2-back-meta-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Server 12 SP4

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-2.4.41-18.43.1

openldap2-back-meta-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-2.4.41-18.43.1

openldap2-back-meta-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libldap-2_4-2-2.4.41-18.43.1

libldap-2_4-2-32bit-2.4.41-18.43.1

openldap2-2.4.41-18.43.1

openldap2-back-meta-2.4.41-18.43.1

openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Software Development Kit 12 SP3

openldap2-back-perl-2.4.41-18.43.1

openldap2-devel-2.4.41-18.43.1

openldap2-devel-static-2.4.41-18.43.1

SUSE Linux Enterprise Software Development Kit 12 SP4

openldap2-back-perl-2.4.41-18.43.1

openldap2-devel-2.4.41-18.43.1

openldap2-devel-static-2.4.41-18.43.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20184150-1/
Link for SUSE-SU-2018:4150-1
https://lists.suse.com/pipermail/sle-security-updates/2018-December/004970.html
E-Mail link for SUSE-SU-2018:4150-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1073313
SUSE Bug 1073313
https://www.suse.com/security/cve/CVE-2017-17740/
SUSE CVE CVE-2017-17740 page

Описание

contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP3:libldap-2_4-2-2.4.41-18.43.1

SUSE Linux Enterprise Desktop 12 SP3:libldap-2_4-2-32bit-2.4.41-18.43.1

SUSE Linux Enterprise Desktop 12 SP3:openldap2-client-2.4.41-18.43.1

SUSE Linux Enterprise Desktop 12 SP4:libldap-2_4-2-2.4.41-18.43.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-17740.html
CVE-2017-17740
https://bugzilla.suse.com/1073313
SUSE Bug 1073313

SUSE-SU-2018:4150-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP3

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP3

SUSE Linux Enterprise Software Development Kit 12 SP4

Ссылки

Уязвимость: CVE-2017-17740

Описание

Затронутые продукты

Ссылки