Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Список пакетов
Container suse/sles12sp3:latest
libldap-2_4-2-2.4.41-18.80.1
Image SLES12-SP4-OCI-BYOS
libldap-2_4-2-2.4.41-18.80.1
openldap2-client-2.4.41-18.80.1
Image SLES12-SP4-SAP-OCI-BYOS
libldap-2_4-2-2.4.41-18.80.1
openldap2-client-2.4.41-18.80.1
SUSE Linux Enterprise Server 12 SP5
libldap-2_4-2-2.4.41-18.80.1
libldap-2_4-2-32bit-2.4.41-18.80.1
openldap2-2.4.41-18.80.1
openldap2-back-meta-2.4.41-18.80.1
openldap2-client-2.4.41-18.80.1
openldap2-doc-2.4.41-18.80.1
openldap2-ppolicy-check-password-1.2-18.80.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libldap-2_4-2-2.4.41-18.80.1
libldap-2_4-2-32bit-2.4.41-18.80.1
openldap2-2.4.41-18.80.1
openldap2-back-meta-2.4.41-18.80.1
openldap2-client-2.4.41-18.80.1
openldap2-doc-2.4.41-18.80.1
openldap2-ppolicy-check-password-1.2-18.80.1
SUSE Linux Enterprise Software Development Kit 12 SP5
openldap2-back-perl-2.4.41-18.80.1
openldap2-devel-2.4.41-18.80.1
openldap2-devel-static-2.4.41-18.80.1
Ссылки
- Link for SUSE-SU-2021:0128-1
- E-Mail link for SUSE-SU-2021:0128-1
- SUSE Security Ratings
- SUSE Bug 1178909
- SUSE CVE CVE-2020-25709 page
- SUSE CVE CVE-2020-25710 page
Описание
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Затронутые продукты
Container suse/sles12sp3:latest:libldap-2_4-2-2.4.41-18.80.1
Image SLES12-SP4-OCI-BYOS:libldap-2_4-2-2.4.41-18.80.1
Image SLES12-SP4-OCI-BYOS:openldap2-client-2.4.41-18.80.1
Image SLES12-SP4-SAP-OCI-BYOS:libldap-2_4-2-2.4.41-18.80.1
Ссылки
- CVE-2020-25709
- SUSE Bug 1178909
Описание
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Затронутые продукты
Container suse/sles12sp3:latest:libldap-2_4-2-2.4.41-18.80.1
Image SLES12-SP4-OCI-BYOS:libldap-2_4-2-2.4.41-18.80.1
Image SLES12-SP4-OCI-BYOS:openldap2-client-2.4.41-18.80.1
Image SLES12-SP4-SAP-OCI-BYOS:libldap-2_4-2-2.4.41-18.80.1
Ссылки
- CVE-2020-25710
- SUSE Bug 1178909