Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
libldap-2_4-2-2.4.46-lp152.14.9.1
libldap-2_4-2-32bit-2.4.46-lp152.14.9.1
libldap-data-2.4.46-lp152.14.9.1
openldap2-2.4.46-lp152.14.9.1
openldap2-back-meta-2.4.46-lp152.14.9.1
openldap2-back-perl-2.4.46-lp152.14.9.1
openldap2-back-sock-2.4.46-lp152.14.9.1
openldap2-back-sql-2.4.46-lp152.14.9.1
openldap2-client-2.4.46-lp152.14.9.1
openldap2-contrib-2.4.46-lp152.14.9.1
openldap2-devel-2.4.46-lp152.14.9.1
openldap2-devel-32bit-2.4.46-lp152.14.9.1
openldap2-devel-static-2.4.46-lp152.14.9.1
openldap2-doc-2.4.46-lp152.14.9.1
openldap2-ppolicy-check-password-1.2-lp152.14.9.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1539-1
- SUSE Security Ratings
- SUSE Bug 1175568
- SUSE CVE CVE-2020-8027 page
Описание
A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to overwrite arbitrary files and gain access to the openldap2 configuration This issue affects: SUSE Linux Enterprise Server 15-LTSS openldap2 versions prior to 2.4.46-9.37.1. SUSE Linux Enterprise Server for SAP 15 openldap2 versions prior to 2.4.46-9.37.1. openSUSE Leap 15.1 openldap2 versions prior to 2.4.46-lp151.10.18.1. openSUSE Leap 15.2 openldap2 versions prior to 2.4.46-lp152.14.9.1.
Затронутые продукты
openSUSE Leap 15.2:libldap-2_4-2-2.4.46-lp152.14.9.1
openSUSE Leap 15.2:libldap-2_4-2-32bit-2.4.46-lp152.14.9.1
openSUSE Leap 15.2:libldap-data-2.4.46-lp152.14.9.1
openSUSE Leap 15.2:openldap2-2.4.46-lp152.14.9.1
Ссылки
- CVE-2020-8027
- SUSE Bug 1175568