SUSE-SU-2020:1859-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2020:1859-1

UNKNOWN

Security update for openldap2

Published Jul 6, 2020

Modified 5 years ago

Fix available

Details

This update for openldap2 fixes the following issues:

CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698).
Changed DB_CONFIG to root:ldap permissions (bsc#1172704).
Fixed an issue where slapd becomes unresponsive after many failed login/bind attempts(bsc#1170715).

Affected Packages

libldap-2_4-2

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

libldap-2_4-2-32bit

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

openldap2

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

openldap2-back-meta

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

openldap2-client

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

openldap2-doc

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.4.41-18.71.2

openldap2-ppolicy-check-password

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCLSUSE Linux Enterprise Server 12 SP3-LTSS

Fixed in:

1.2-18.71.2

openldap2-back-perl

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.4.41-18.71.2

openldap2-devel

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.4.41-18.71.2

openldap2-devel-static

SUSE Linux Enterprise Software Development Kit 12 SP4SUSE Linux Enterprise Software Development Kit 12 SP5

Fixed in:

2.4.41-18.71.2

References

https://bugzilla.suse.com/1170715

https://bugzilla.suse.com/1172698

https://bugzilla.suse.com/1172704

https://www.suse.com/security/cve/CVE-2020-8023

https://www.suse.com/support/update/announcement/2020/suse-su-20201859-1/

Upstream

Related

Ecosystems(17)

SUSE Enterprise Storage 5 SUSE HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL

Timeline

PublishedJul 6, 2020

ModifiedJul 6, 2020