MGASA-2020-0407 - Updated openldap packages fix a security vulnerability

Publication date: 10 Nov 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-25692

A vulnerability in the handling of normalization with modrdn was discovered in
OpenLDAP. An unauthenticated remote attacker can use this flaw to cause a
denial of service (slapd daemon crash) via a specially crafted packet

Also, the PID file path in the systemd service was fixed to use /run as the$
parent, rather than /var/run, eliminating warning messages in the logs.


- 7/core/openldap-2.4.50-1.2.mga7