Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).
Список пакетов
SUSE Linux Enterprise Module for Legacy 12
compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
compat-libldap-2_3-0-2.3.37-18.24.23.1
Ссылки
- Link for SUSE-SU-2020:3315-1
- E-Mail link for SUSE-SU-2020:3315-1
- SUSE Security Ratings
- SUSE Bug 1178387
- SUSE CVE CVE-2020-25692 page
Описание
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.
Затронутые продукты
SUSE Linux Enterprise Module for Legacy 12:compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3:compat-libldap-2_3-0-2.3.37-18.24.23.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:compat-libldap-2_3-0-2.3.37-18.24.23.1
Ссылки
- CVE-2020-25692
- SUSE Bug 1178387