Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 455
Alerts This Week
Warning Icon 1 455

SUSE: 2021:0723-1 Important: OpenLDAP Denial of Service Issues

suse
Calendar Grey March 8, 2021
Dist Suse Esm H88
This announcement tackles significant vulnerabilities in openldap2, providing a vital security notification for various SUSE releases.
An update that fixes 11 vulnerabilities is now available

Summary

This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the

References

#1182279 #1182408 #1182411 #1182412 #1182413

#1182415 #1182416 #1182417 #1182418 #1182419

#1182420

Cross- CVE-2020-36221 CVE-2020-36222 CVE-2020-36223

CVE-2020-36224 CVE-2020-36225 CVE-2020-36226

CVE-2020-36227 CVE-2020-36228 CVE-2020-36229

CVE-2020-36230 CVE-2021-27212

CVSS scores:

CVE-2020-36221 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36221 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36223 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2020-36223 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2021:0723-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.