OESA-2021-1062
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1062
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1062.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2021-1062
- Upstream
- Published
- 2021-03-05T11:02:39Z
- Modified
- 2025-08-12T05:06:31.896185Z
- Summary
- openldap security update
- Details
-
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Security Fix(es):
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.(CVE-2020-36228)
A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.(CVE-2020-36227)
A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.(CVE-2020-36226)
A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c bernextelement, resulting in denial of service.(CVE-2020-36230)
An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).(CVE-2020-36221)
A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.(CVE-2020-36222)
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.(CVE-2020-36224)
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).(CVE-2020-36223)
A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.(CVE-2020-36225)
A flaw was discovered in ldapX509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in adkeystring, resulting in denial of service.(CVE-2020-36229)
- Database specific
{ "severity": "High" }- References
-
- https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1062
- https://nvd.nist.gov/vuln/detail/CVE-2020-36228
- https://nvd.nist.gov/vuln/detail/CVE-2020-36227
- https://nvd.nist.gov/vuln/detail/CVE-2020-36226
- https://nvd.nist.gov/vuln/detail/CVE-2020-36230
- https://nvd.nist.gov/vuln/detail/CVE-2020-36221
- https://nvd.nist.gov/vuln/detail/CVE-2020-36222
- https://nvd.nist.gov/vuln/detail/CVE-2020-36224
- https://nvd.nist.gov/vuln/detail/CVE-2020-36223
- https://nvd.nist.gov/vuln/detail/CVE-2020-36225
- https://nvd.nist.gov/vuln/detail/CVE-2020-36229
Affected packages
openEuler:20.03-LTS / openldap
Package
- Name
- openldap
- Purl
- pkg:rpm/openEuler/openldap&distro=openEuler-20.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.50-3.oe1
Ecosystem specific
{
"aarch64": [
"openldap-servers-2.4.50-3.oe1.aarch64.rpm",
"openldap-debugsource-2.4.50-3.oe1.aarch64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.aarch64.rpm",
"openldap-clients-2.4.50-3.oe1.aarch64.rpm",
"openldap-2.4.50-3.oe1.aarch64.rpm",
"openldap-devel-2.4.50-3.oe1.aarch64.rpm",
"openldap-servers-2.4.50-3.oe1.aarch64.rpm",
"openldap-debugsource-2.4.50-3.oe1.aarch64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.aarch64.rpm",
"openldap-clients-2.4.50-3.oe1.aarch64.rpm",
"openldap-2.4.50-3.oe1.aarch64.rpm",
"openldap-devel-2.4.50-3.oe1.aarch64.rpm"
],
"x86_64": [
"openldap-2.4.50-3.oe1.x86_64.rpm",
"openldap-clients-2.4.50-3.oe1.x86_64.rpm",
"openldap-devel-2.4.50-3.oe1.x86_64.rpm",
"openldap-debugsource-2.4.50-3.oe1.x86_64.rpm",
"openldap-servers-2.4.50-3.oe1.x86_64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.x86_64.rpm",
"openldap-2.4.50-3.oe1.x86_64.rpm",
"openldap-clients-2.4.50-3.oe1.x86_64.rpm",
"openldap-devel-2.4.50-3.oe1.x86_64.rpm",
"openldap-debugsource-2.4.50-3.oe1.x86_64.rpm",
"openldap-servers-2.4.50-3.oe1.x86_64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.x86_64.rpm"
],
"noarch": [
"openldap-help-2.4.50-3.oe1.noarch.rpm",
"openldap-help-2.4.50-3.oe1.noarch.rpm"
],
"src": [
"openldap-2.4.50-3.oe1.src.rpm",
"openldap-2.4.50-3.oe1.src.rpm"
]
}
openEuler:20.03-LTS-SP1 / openldap
Package
- Name
- openldap
- Purl
- pkg:rpm/openEuler/openldap&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.50-3.oe1
Ecosystem specific
{
"aarch64": [
"openldap-servers-2.4.50-3.oe1.aarch64.rpm",
"openldap-debugsource-2.4.50-3.oe1.aarch64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.aarch64.rpm",
"openldap-clients-2.4.50-3.oe1.aarch64.rpm",
"openldap-2.4.50-3.oe1.aarch64.rpm",
"openldap-devel-2.4.50-3.oe1.aarch64.rpm"
],
"x86_64": [
"openldap-2.4.50-3.oe1.x86_64.rpm",
"openldap-clients-2.4.50-3.oe1.x86_64.rpm",
"openldap-devel-2.4.50-3.oe1.x86_64.rpm",
"openldap-debugsource-2.4.50-3.oe1.x86_64.rpm",
"openldap-servers-2.4.50-3.oe1.x86_64.rpm",
"openldap-debuginfo-2.4.50-3.oe1.x86_64.rpm"
],
"noarch": [
"openldap-help-2.4.50-3.oe1.noarch.rpm"
],
"src": [
"openldap-2.4.50-3.oe1.src.rpm"
]
}