Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0200)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0200

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0200)

Resumen: The remote host is missing an update for the 'openldap' package(s) announced via the MGASA-2020-0200 advisory.

Descripción: Summary:
The remote host is missing an update for the 'openldap' package(s) announced via the MGASA-2020-0200 advisory.

Vulnerability Insight:
Updated openldap packages fix security vulnerabilities:

When both the nops module and the member of overlay are enabled, attempts to
free a buffer that was allocated on the stack, which allows remote attackers to
cause a denial of service (slapd crash) via a member MODDN operation
(CVE-2017-17740).

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested
boolean expressions can result in denial of service (daemon crash)
(CVE-2020-12243).

The nops overlay has been dropped from the package, fixing CVE-2017-17740.

The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243
and several other bugs.

Affected Software/OS:
'openldap' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2017-17740
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://www.oracle.com/security-alerts/cpuapr2022.html
SuSE Security Announcement: openSUSE-SU-2019:2157 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
SuSE Security Announcement: openSUSE-SU-2019:2176 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-12243
https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
https://security.netapp.com/advisory/ntap-20200511-0003/
https://support.apple.com/kb/HT211289
Debian Security Information: DSA-4666 (Google Search)
https://www.debian.org/security/2020/dsa-4666
https://bugs.openldap.org/show_bug.cgi?id=9202
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html
SuSE Security Announcement: openSUSE-SU-2020:0647 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html
https://usn.ubuntu.com/4352-1/
https://usn.ubuntu.com/4352-2/

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0200
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0200)
Resumen:	The remote host is missing an update for the 'openldap' package(s) announced via the MGASA-2020-0200 advisory.
Descripción:	Summary: The remote host is missing an update for the 'openldap' package(s) announced via the MGASA-2020-0200 advisory. Vulnerability Insight: Updated openldap packages fix security vulnerabilities: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation (CVE-2017-17740). In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash) (CVE-2020-12243). The nops overlay has been dropped from the package, fixing CVE-2017-17740. The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243 and several other bugs. Affected Software/OS: 'openldap' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-17740 https://kc.mcafee.com/corporate/index?page=content&id=SB10365 http://www.openldap.org/its/index.cgi/Incoming?id=8759 https://www.oracle.com/security-alerts/cpuapr2022.html SuSE Security Announcement: openSUSE-SU-2019:2157 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html SuSE Security Announcement: openSUSE-SU-2019:2176 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html Common Vulnerability Exposure (CVE) ID: CVE-2020-12243 https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 https://security.netapp.com/advisory/ntap-20200511-0003/ https://support.apple.com/kb/HT211289 Debian Security Information: DSA-4666 (Google Search) https://www.debian.org/security/2020/dsa-4666 https://bugs.openldap.org/show_bug.cgi?id=9202 https://www.oracle.com/security-alerts/cpuoct2020.html https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0647 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html https://usn.ubuntu.com/4352-1/ https://usn.ubuntu.com/4352-2/
Copyright	Copyright (C) 2022 Greenbone AG