openSUSE Leap 15.2 Advisory: 2021:0408-1 Critical Denial of Service Fix
opensuse
March 14, 2021
An update that fixes 11 vulnerabilities is now available
Description
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509
DN parsing in decode.c ber_next_element, resulting in denial
of service.
- bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN
parsing in ad_keystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the
Certificate List Exact Assertion processing, resulting in denial of
service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the
cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the
saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-408=1
Package List
- openSUSE Leap 15.2 (i586 x86_64):
libldap-2_4-2-2.4.46-lp152.14.18.1
libldap-2_4-2-debuginfo-2.4.46-lp152.14.18.1
openldap2-2.4.46-lp152.14.18.1
openldap2-back-meta-2.4.46-lp152.14.18.1
openldap2-back-meta-debuginfo-2.4.46-lp152.14.18.1
openldap2-back-perl-2.4.46-lp152.14.18.1
openldap2-back-perl-debuginfo-2.4.46-lp152.14.18.1
openldap2-back-sock-2.4.46-lp152.14.18.1
openldap2-back-sock-debuginfo-2.4.46-lp152.14.18.1
openldap2-back-sql-2.4.46-lp152.14.18.1
openldap2-back-sql-debuginfo-2.4.46-lp152.14.18.1
openldap2-client-2.4.46-lp152.14.18.1
openldap2-client-debuginfo-2.4.46-lp152.14.18.1
openldap2-contrib-2.4.46-lp152.14.18.1
openldap2-contrib-debuginfo-2.4.46-lp152.14.18.1
openldap2-debuginfo-2.4.46-lp152.14.18.1
openldap2-debugsource-2.4.46-lp152.14.18.1
openldap2-devel-2.4.46-lp152.14.18.1
openldap2-devel-static-2.4.46-lp152.14.18.1
openldap2-ppolicy-check-password-1.2-lp152.14.18.1
openldap2-ppolicy-check-password-debuginfo-1.2-lp152.14.18.1
- openSUSE Leap 15.2 (noarch):
libldap-data-2.4.46-lp152.14...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2020-36221.html
https://www.suse.com/security/cve/CVE-2020-36222.html
https://www.suse.com/security/cve/CVE-2020-36223.html
https://www.suse.com/security/cve/CVE-2020-36224.html
https://www.suse.com/security/cve/CVE-2020-36225.html
https://www.suse.com/security/cve/CVE-2020-36226.html
https://www.suse.com/security/cve/CVE-2020-36227.html
https://www.suse.com/security/cve/CVE-2020-36228.html
https://www.suse.com/security/cve/CVE-2020-36229.html
https://www.suse.com/security/cve/CVE-2020-36230.html
https://www.suse.com/security/cve/CVE-2021-27212.html
https://bugzilla.suse.com/1182279
https://bugzilla.suse.com/1182408
https://bugzilla.suse.com/1182411
https://bugzilla.suse.com/1182412
https://bugzilla.suse.com/1182413
https://bugzilla.suse.com/1182415
https://bugzilla.suse.com/1182416
https://bugzilla.suse.com/1182417
https://bugzilla.suse.com/1182418
https://bugzilla.suse.com/1182419
https://bugzilla.suse.com/1182420
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2021:0408-1
Rating: important
Affected Products:
openSUSE Leap 15.2
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!