SUSE-SU-2021:0692-1
- Source
- https://www.suse.com/support/update/announcement/2021/suse-su-20210692-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0692-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2021:0692-1
- Related
- Published
- 2021-03-03T17:11:47Z
- Modified
- 2021-03-03T17:11:47Z
- Summary
- Security update for openldap2
- Details
-
This update for openldap2 fixes the following issues:
- bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c bernextelement, resulting in denial of service.
- bsc#1182411 CVE-2020-36229 - ldapX509dn2bv crash in the X.509 DN parsing in adkeystring, resulting in denial of service.
- bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service.
- bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.
- bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.
- bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.
- bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).
- bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
- bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20210692-1/
- https://bugzilla.suse.com/1182279
- https://bugzilla.suse.com/1182408
- https://bugzilla.suse.com/1182411
- https://bugzilla.suse.com/1182412
- https://bugzilla.suse.com/1182413
- https://bugzilla.suse.com/1182415
- https://bugzilla.suse.com/1182416
- https://bugzilla.suse.com/1182417
- https://bugzilla.suse.com/1182418
- https://bugzilla.suse.com/1182419
- https://bugzilla.suse.com/1182420
- https://www.suse.com/security/cve/CVE-2020-36221
- https://www.suse.com/security/cve/CVE-2020-36222
- https://www.suse.com/security/cve/CVE-2020-36223
- https://www.suse.com/security/cve/CVE-2020-36224
- https://www.suse.com/security/cve/CVE-2020-36225
- https://www.suse.com/security/cve/CVE-2020-36226
- https://www.suse.com/security/cve/CVE-2020-36227
- https://www.suse.com/security/cve/CVE-2020-36228
- https://www.suse.com/security/cve/CVE-2020-36229
- https://www.suse.com/security/cve/CVE-2020-36230
- https://www.suse.com/security/cve/CVE-2021-27212
Affected packages
SUSE:Linux Enterprise Module for Legacy 12 / openldap2
Package
- Name
- openldap2
- Purl
- pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012
SUSE:Linux Enterprise Server for SAP Applications 12 SP2 / openldap2
Package
- Name
- openldap2
- Purl
- pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
SUSE:Linux Enterprise Server for SAP Applications 12 SP3 / openldap2
Package
- Name
- openldap2
- Purl
- pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
SUSE:Linux Enterprise Server for SAP Applications 12 SP4 / openldap2
Package
- Name
- openldap2
- Purl
- pkg:rpm/suse/openldap2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4