Advisories ยป MGASA-2020-0200

Updated openldap packages fix security vulnerabilities

Publication date: 05 May 2020
Modification date: 05 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2017-17740 , CVE-2020-12243

Description

Updated openldap packages fix security vulnerabilities:

When both the nops module and the member of overlay are enabled, attempts to
free a buffer that was allocated on the stack, which allows remote attackers to
cause a denial of service (slapd crash) via a member MODDN operation
(CVE-2017-17740).

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested
boolean expressions can result in denial of service (daemon crash)
(CVE-2020-12243).

The nops overlay has been dropped from the package, fixing CVE-2017-17740.

The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243
and several other bugs.
                

References

SRPMS

7/core