Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
Security issues fixed:
- CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
- CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909).
Non-security issue fixed:
- Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
libldap-2_4-2-2.4.46-lp151.10.24.1
libldap-2_4-2-32bit-2.4.46-lp151.10.24.1
libldap-data-2.4.46-lp151.10.24.1
openldap2-2.4.46-lp151.10.24.1
openldap2-back-meta-2.4.46-lp151.10.24.1
openldap2-back-perl-2.4.46-lp151.10.24.1
openldap2-back-sock-2.4.46-lp151.10.24.1
openldap2-back-sql-2.4.46-lp151.10.24.1
openldap2-client-2.4.46-lp151.10.24.1
openldap2-contrib-2.4.46-lp151.10.24.1
openldap2-devel-2.4.46-lp151.10.24.1
openldap2-devel-32bit-2.4.46-lp151.10.24.1
openldap2-devel-static-2.4.46-lp151.10.24.1
openldap2-doc-2.4.46-lp151.10.24.1
openldap2-ppolicy-check-password-1.2-lp151.10.24.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0102-1
- SUSE Security Ratings
- SUSE Bug 1178909
- SUSE Bug 1179503
- SUSE CVE CVE-2020-25709 page
- SUSE CVE CVE-2020-25710 page
Описание
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.
Затронутые продукты
openSUSE Leap 15.1:libldap-2_4-2-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:libldap-2_4-2-32bit-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:libldap-data-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:openldap2-2.4.46-lp151.10.24.1
Ссылки
- CVE-2020-25709
- SUSE Bug 1178909
Описание
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Затронутые продукты
openSUSE Leap 15.1:libldap-2_4-2-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:libldap-2_4-2-32bit-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:libldap-data-2.4.46-lp151.10.24.1
openSUSE Leap 15.1:openldap2-2.4.46-lp151.10.24.1
Ссылки
- CVE-2020-25710
- SUSE Bug 1178909