Description
Security update for openldap2_5
This update for openldap2_5 fixes the following issues:
Security fixes:
- CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297)
Other fixes:
- Update to version 2.5.20+11:
  - ITS#10421 mdb_load: check for malicious input
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP7
libldap-2_5-0-2.5.20+11-150500.11.38.1
openldap2_5-client-2.5.20+11-150500.11.38.1
openldap2_5-devel-2.5.20+11-150500.11.38.1
openldap2_5-doc-2.5.20+11-150500.11.38.1
SUSE Linux Enterprise Module for Server Applications 15 SP7
openldap2_5-2.5.20+11-150500.11.38.1
openldap2_5-contrib-2.5.20+11-150500.11.38.1
openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1
openSUSE Leap 15.6
libldap-2_5-0-2.5.20+11-150500.11.38.1
openldap2_5-2.5.20+11-150500.11.38.1
openldap2_5-client-2.5.20+11-150500.11.38.1
openldap2_5-contrib-2.5.20+11-150500.11.38.1
openldap2_5-devel-2.5.20+11-150500.11.38.1
openldap2_5-doc-2.5.20+11-150500.11.38.1
openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1
References
- Link for SUSE-SU-2026:0256-1
- E-Mail link for SUSE-SU-2026:0256-1
- SUSE Security Ratings
- SUSE Bug 1256297
- SUSE CVE CVE-2026-22185 page
Description
OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.
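The underflow described above, reduced to a minimal C illustration. This is an added example, not the mdb_load source or the upstream patch; the function names and the sample line are constructed, and it assumes the line was read with a call such as fgets() that stores an embedded NUL unchanged.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed input: a line as a reader such as fgets() would store it
 * when the first byte of the line is NUL. strlen() sees length 0. */
static const char NUL_LINE[] = "\0abc\n";

/* Unchecked pattern: offset of the last character as strlen() - 1.
 * Only the offset is computed; it is never used to read memory here. */
size_t last_offset_unchecked(const char *line)
{
    size_t len = strlen(line);
    return len - 1;   /* unsigned wrap: SIZE_MAX when len == 0 */
}

/* Checked pattern: never form line[len - 1] unless len > 0.
 * Returns 1 if the line ends in '\n', 0 if it does not,
 * -1 if it is empty (treated as malformed input). */
int trailing_newline_checked(const char *line)
{
    size_t len = strlen(line);
    if (len == 0)
        return -1;
    return line[len - 1] == '\n';
}

int main(void)
{
    /* line[SIZE_MAX] resolves to the byte just before the buffer. */
    printf("unchecked offset: %zu\n", last_offset_unchecked(NUL_LINE));
    printf("checked result:   %d\n", trailing_newline_checked(NUL_LINE));
    printf("normal line:      %d\n", trailing_newline_checked("dn: cn=x\n"));
    return 0;
}
```

Building a test harness around the real tool with AddressSanitizer enabled is the usual way to confirm that a patched build no longer performs the one-byte read before the buffer.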
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP7:libldap-2_5-0-2.5.20+11-150500.11.38.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-client-2.5.20+11-150500.11.38.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-devel-2.5.20+11-150500.11.38.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-doc-2.5.20+11-150500.11.38.1
References
- CVE-2026-22185
- SUSE Bug 1256297