[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 4845-1] openldap security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4845-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 03, 2021                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : openldap
CVE ID         : CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224
                 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228
                 CVE-2020-36229 CVE-2020-36230

Several vulnerabilities were discovered in OpenLDAP, a free
implementation of the Lightweight Directory Access Protocol. An
unauthenticated remote attacker can take advantage of these flaws to
cause a denial of service (slapd daemon crash, infinite loops) via
specially crafted packets.

For the stable distribution (buster), these problems have been fixed in
version 2.4.47+dfsg-3+deb10u5.

We recommend that you upgrade your openldap packages.

For the detailed security status of openldap please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/openldap

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAacX5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QPFg//fcGz69i33dnT0T9ZUCkW1x73lEHKb74p2Cj10rcTnl3NSbX8EmAUagke
oMBeMezDtY7SCjvli4KlgrvCMKes4l6BhXe+HH475CZUHKtyhx/+y5kGjL4BM3kJ
hZYkntsbU5ssg+O+Xdf0fERcxV9HVub4jIFh7r/0zWJriyXHhoz6eVnB+gRL/V9S
BrDq5DgP6lXrbcUStBu1Wpq0HV85r9vi8TQHK+gSRQN0ckFo3q8MZuzL49VU6JAF
PDruJLd7c7ahtyIm2nri3BzDPO8z39h7IoeKD9Xnsl1vk+E1sFXKrJbFE9TVLIJW
9YDU+uDkYpy/ZcSFLQg2yikrFFPjoniKLJvh33mqlji4Wfz6y1jULSWGakILYOua
ZOobdHbQ6kEz9wxpHFCNz7OQEbtXxqFAv6WiDZKicU0ehCbfTqQs6q5T42atm1Mc
E9cbGGS18y9PoPv7MvAeAGA2fAL+E07z4Yivoxw7PfaEYkFZhc/SDcpgDtyKlgrz
EleAM/bR2U/tWK7Y0t5X9wLYNSnlqV0eEVNGlC1sySh4ZeinMMvOc602W2t8rSrd
Gzuiq1pORb6MzsmzGnmo6Vc7vgGKo/m2JNg0XOBRQO2tSmSilKlactvfwKcxxUnp
veL7V3mHGvtaz0yjiPzljiZcTT1G72yrXfz+aJtpu4LS9HUY350=
=gnr5
-----END PGP SIGNATURE-----


Reply to: