SUSE-SU-2020:2712-2

UNKNOWN

Security update for openldap2

Published Oct 22, 2020

Modified 5 years ago

Fix available

Details

This update for openldap2 fixes the following issues:

CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568).

Affected Packages(11 packages)

libldap-2_4-2

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

2.4.46-9.37.1

libldap-2_4-2-32bit

Fixed in:

2.4.46-9.37.1

libldap-data

Fixed in:

2.4.46-9.37.1

openldap2

Fixed in:

2.4.46-9.37.1

openldap2-client

Fixed in:

2.4.46-9.37.1

openldap2-devel

Fixed in:

2.4.46-9.37.1

openldap2-devel-32bit

Fixed in:

2.4.46-9.37.1

openldap2-devel-static

Fixed in:

2.4.46-9.37.1

openldap2-ppolicy-check-password

Fixed in:

1.2-9.37.1

openldap2-back-meta

SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

2.4.46-9.37.1

References

REPORT

https://bugzilla.suse.com/1175568

WEB

https://www.suse.com/security/cve/CVE-2020-8027

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20202712-2/

Upstream

CVE-2020-8027

Ecosystems

SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 15

Timeline

PublishedOct 22, 2020

ModifiedOct 22, 2020

SUSE-SU-2020:2712-2 | Mondoo Vulnerability Intelligence