openEuler Security Advisory: openEuler-SA-2021-1062

Title: An update for openldap is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1
Document type: Security Advisory
Publisher: openEuler security committee (openeuler-security@openeuler.org)
Status: Final
Version: 1.0
Revision history: 1.0, 2021-03-05, Initial
Initial release date: 2021-03-05
Current release date: 2021-03-05
Generator: openEuler SA Tool V1.0, 2021-03-05
Synopsis: openldap security update

Description

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

Security Fix(es):

- An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. (CVE-2020-36228)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. (CVE-2020-36227)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. (CVE-2020-36226)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. (CVE-2020-36230)
- An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). (CVE-2020-36221)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. (CVE-2020-36222)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. (CVE-2020-36224)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). (CVE-2020-36223)
- A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. (CVE-2020-36225)
- A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. (CVE-2020-36229)

Topic

An update for openldap is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.

openEuler Security has rated this update as having a security impact of High. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Aggregate severity: High
Affected package: openldap

References

Advisory:
  https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1062

openEuler CVE pages:
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36228
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36227
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36226
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36230
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36221
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36222
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36224
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36223
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36225
  https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-36229

NVD:
  https://nvd.nist.gov/vuln/detail/CVE-2020-36228
  https://nvd.nist.gov/vuln/detail/CVE-2020-36227
  https://nvd.nist.gov/vuln/detail/CVE-2020-36226
  https://nvd.nist.gov/vuln/detail/CVE-2020-36230
  https://nvd.nist.gov/vuln/detail/CVE-2020-36221
  https://nvd.nist.gov/vuln/detail/CVE-2020-36222
  https://nvd.nist.gov/vuln/detail/CVE-2020-36224
  https://nvd.nist.gov/vuln/detail/CVE-2020-36223
  https://nvd.nist.gov/vuln/detail/CVE-2020-36225
  https://nvd.nist.gov/vuln/detail/CVE-2020-36229

Affected products

  openEuler-20.03-LTS
  openEuler-20.03-LTS-SP1

Updated packages (the same package set is provided for both affected products)

aarch64:
  openldap-servers-2.4.50-3.oe1.aarch64.rpm
  openldap-debugsource-2.4.50-3.oe1.aarch64.rpm
  openldap-debuginfo-2.4.50-3.oe1.aarch64.rpm
  openldap-clients-2.4.50-3.oe1.aarch64.rpm
  openldap-2.4.50-3.oe1.aarch64.rpm
  openldap-devel-2.4.50-3.oe1.aarch64.rpm

noarch:
  openldap-help-2.4.50-3.oe1.noarch.rpm

src:
  openldap-2.4.50-3.oe1.src.rpm

x86_64:
  openldap-2.4.50-3.oe1.x86_64.rpm
  openldap-clients-2.4.50-3.oe1.x86_64.rpm
  openldap-devel-2.4.50-3.oe1.x86_64.rpm
  openldap-debugsource-2.4.50-3.oe1.x86_64.rpm
  openldap-servers-2.4.50-3.oe1.x86_64.rpm
  openldap-debuginfo-2.4.50-3.oe1.x86_64.rpm

Vulnerabilities

Each of the ten vulnerabilities below carries the same metadata: release date 2021-03-05; affected products openEuler-20.03-LTS and openEuler-20.03-LTS-SP1; severity High; CVSS base score 7.5 with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H; remediation "openldap security update" (2021-03-05), https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1062.

CVE-2020-36228
  An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

CVE-2020-36227
  A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

CVE-2020-36226
  A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CVE-2020-36230
  A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

CVE-2020-36221
  An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

CVE-2020-36222
  A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

CVE-2020-36224
  A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CVE-2020-36223
  A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

CVE-2020-36225
  A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

CVE-2020-36229
  A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.