Description
Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
compat-libldap-2_3-0-2.3.37-2.74.16.1
libldap-2_4-2-2.4.26-0.74.16.1
openldap2-2.4.26-0.74.16.1
openldap2-back-meta-2.4.26-0.74.16.1
openldap2-client-2.4.26-0.74.16.1
SUSE Linux Enterprise Server 11 SP4-LTSS
compat-libldap-2_3-0-2.3.37-2.74.16.1
libldap-2_4-2-2.4.26-0.74.16.1
libldap-2_4-2-32bit-2.4.26-0.74.16.1
openldap2-2.4.26-0.74.16.1
openldap2-back-meta-2.4.26-0.74.16.1
openldap2-client-2.4.26-0.74.16.1
SUSE Linux Enterprise Server 11-SECURITY
libldap-openssl1-2_4-2-2.4.26-0.74.16.1
libldap-openssl1-2_4-2-32bit-2.4.26-0.74.16.1
libldap-openssl1-2_4-2-x86-2.4.26-0.74.16.1
openldap2-client-openssl1-2.4.26-0.74.16.1
openldap2-openssl1-2.4.26-0.74.16.1
References
- Link for SUSE-SU-2020:14541-1
- E-Mail link for SUSE-SU-2020:14541-1
- SUSE Security Ratings
- SUSE Bug 1178387
- SUSE CVE CVE-2020-25692 page
Description
A NULL pointer dereference was found in the OpenLDAP server during a request for renaming RDNs; it was fixed in openldap 2.4.55. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a denial of service.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:compat-libldap-2_3-0-2.3.37-2.74.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:libldap-2_4-2-2.4.26-0.74.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:openldap2-2.4.26-0.74.16.1
SUSE Linux Enterprise Point of Sale 11 SP3:openldap2-back-meta-2.4.26-0.74.16.1
References
- CVE-2020-25692
- SUSE Bug 1178387