Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
libldap-2_4-2-2.4.46-lp152.14.6.1
libldap-2_4-2-32bit-2.4.46-lp152.14.6.1
libldap-data-2.4.46-lp152.14.6.1
openldap2-2.4.46-lp152.14.6.1
openldap2-back-meta-2.4.46-lp152.14.6.1
openldap2-back-perl-2.4.46-lp152.14.6.1
openldap2-back-sock-2.4.46-lp152.14.6.1
openldap2-back-sql-2.4.46-lp152.14.6.1
openldap2-client-2.4.46-lp152.14.6.1
openldap2-contrib-2.4.46-lp152.14.6.1
openldap2-devel-2.4.46-lp152.14.6.1
openldap2-devel-32bit-2.4.46-lp152.14.6.1
openldap2-devel-static-2.4.46-lp152.14.6.1
openldap2-doc-2.4.46-lp152.14.6.1
openldap2-ppolicy-check-password-1.2-lp152.14.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1459-1
- SUSE Security Ratings
- SUSE Bug 1174154
- SUSE CVE CVE-2020-15719 page
Описание
libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Затронутые продукты
openSUSE Leap 15.2:libldap-2_4-2-2.4.46-lp152.14.6.1
openSUSE Leap 15.2:libldap-2_4-2-32bit-2.4.46-lp152.14.6.1
openSUSE Leap 15.2:libldap-data-2.4.46-lp152.14.6.1
openSUSE Leap 15.2:openldap2-2.4.46-lp152.14.6.1
Ссылки
- CVE-2020-15719
- SUSE Bug 1174154