
Mageia 7 OpenLDAP Update - MGASA-2020-0200 Critical Denial Of Service

Mageia, May 5, 2020
Recent updates to the openldap packages for Mageia address significant security vulnerabilities, including issues that can lead to daemon failures.

Summary

Updated openldap packages fix security vulnerabilities:
When both the nops module and the memberof overlay are enabled, the nops module attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation (CVE-2017-17740).
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash) (CVE-2020-12243).
The nops overlay has been dropped from the package, fixing CVE-2017-17740.
The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243 and several other bugs.
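As an added example (not part of the Mageia advisory or the OpenLDAP project), a small Python check that flags the two conditions described above on a host: the nops and memberof overlays enabled together in a slapd.conf-style file, and an installed openldap older than the fixed 2.4.50. The overlay/module names `nops` and `memberof`, the version-string format and the sample configuration are assumptions constructed for illustration.

```python
from typing import Dict, List

# Fixed upstream version named in the advisory (openldap-2.4.50-1.1.mga7).
FIXED_VERSION = (2, 4, 50)

def parse_version(ver: str) -> tuple:
    """Turn '2.4.45' or '2.4.50-1.1.mga7' into a comparable tuple of ints."""
    return tuple(int(p) for p in ver.split("-")[0].split("."))

def parse_slapd_conf(text: str) -> Dict[str, List[str]]:
    """Collect 'moduleload' and 'overlay' directives from slapd.conf-style text.
    Lines starting with '#' are comments; directive names are case-insensitive."""
    found: Dict[str, List[str]] = {"moduleload": [], "overlay": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() in found and len(parts) == 2:
            found[parts[0].lower()].append(parts[1].strip())
    return found

def assess(conf_text: str, installed_version: str) -> List[str]:
    """Return findings for the two issues fixed by MGASA-2020-0200."""
    findings = []
    d = parse_slapd_conf(conf_text)
    overlays = {o.split()[0].lower() for o in d["overlay"]}
    # moduleload values may be paths such as /usr/lib64/openldap/memberof.la
    modules = {m.split("/")[-1].split(".")[0].lower() for m in d["moduleload"]}
    nops_on = "nops" in overlays or "nops" in modules
    memberof_on = "memberof" in overlays or "memberof" in modules
    if nops_on and memberof_on:
        findings.append("CVE-2017-17740: nops and memberof enabled together; "
                        "remove the nops overlay (dropped from the Mageia package)")
    if parse_version(installed_version) < FIXED_VERSION:
        findings.append(f"CVE-2020-12243: openldap {installed_version} is older "
                        "than 2.4.50; update to openldap-2.4.50-1.1.mga7 or later")
    return findings

# Constructed sample slapd.conf fragment that loads both overlays (assumption).
SAMPLE_CONF = """\
# constructed example, not a real deployment
moduleload memberof.la
moduleload nops.la
database mdb
suffix "dc=example,dc=com"
overlay memberof
overlay nops
"""
```

Running `assess(SAMPLE_CONF, "2.4.45-1.mga7")` reports both findings; a host on 2.4.50-1.1.mga7 with only memberof loaded reports none.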

References

- https://bugs.mageia.org/show_bug.cgi?id=26569

- https://bugs.mageia.org/show_bug.cgi?id=24076

- https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/NQ6OHLWNVRKIJU3HI5YGGAZL54H2RB73/

- https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/VMMBUCQHEDF6QA4CDOONP2CDQEOR5YQA/

- https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FUOYA6YCHBXMLANBJMSO22JD2NB22WGC/

- https://lists.debian.org/debian-security-announce/2020/msg00069.html

- https://www.cve.org/CVERecord?id=CVE-2017-17740

- https://www.cve.org/CVERecord?id=CVE-2020-12243

Resolution

SRPMS

- 7/core/openldap-2.4.50-1.1.mga7

Severity

Critical

Publication date: 05 May 2020
URL: https://advisories.mageia.org/MGASA-2020-0200.html
Type: security
CVE: CVE-2017-17740, CVE-2020-12243
