Advisories » MGASA-2020-0200

Updated openldap packages fix security vulnerabilities

Publication date: 05 May 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2017-17740, CVE-2020-12243


Updated openldap packages fix security vulnerabilities:

When both the nops module and the memberof overlay are enabled, OpenLDAP
attempts to free a buffer that was allocated on the stack, which allows remote
attackers to cause a denial of service (slapd crash) via a member MODDN
operation (CVE-2017-17740).

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested
boolean expressions can result in denial of service (daemon crash)
(CVE-2020-12243).

The nops overlay has been dropped from the package, fixing CVE-2017-17740.

The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243
and several other bugs.
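
An added example (not part of the advisory or of OpenLDAP's own code): a Python audit of a classic `slapd.conf` that reports the databases where both the `nops` and `memberof` overlays are enabled, the precondition for CVE-2017-17740 described above. The sample configuration is constructed, and treating overlays declared before the first `database` line as applying to every database is an assumption of this example.

```python
# Added example: find slapd.conf databases that enable both nops and memberof.

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = """\
moduleload  memberof.la
moduleload  nops.la

database    mdb
suffix      "dc=example,dc=com"
overlay     memberof
overlay     nops

database    mdb
suffix      "dc=test,dc=com"
overlay     memberof
"""

RISKY_PAIR = {"nops", "memberof"}


def audit_slapd_conf(text):
    """Return the suffixes of databases where nops and memberof are both enabled."""
    # slapd.conf: '#' lines are comments; a line starting with whitespace
    # continues the previous line.
    logical = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and logical:
            logical[-1] += " " + raw.strip()
        elif raw.strip() and not raw.lstrip().startswith("#"):
            logical.append(raw.strip())

    global_overlays, databases = set(), []
    for line in logical:
        key, *args = line.split()
        key = key.lower()
        if key == "database" and args:
            # Assumption: overlays declared globally apply to every database.
            databases.append({"name": args[0], "overlays": set(global_overlays)})
        elif key == "suffix" and args and databases:
            databases[-1]["name"] = args[0].strip('"')
        elif key == "overlay" and args:
            scope = databases[-1]["overlays"] if databases else global_overlays
            scope.add(args[0].lower())
    return [d["name"] for d in databases if RISKY_PAIR <= d["overlays"]]


if __name__ == "__main__":
    print(audit_slapd_conf(SAMPLE_CONF))
```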