[SECURITY] [DLA 2199-1] openldap security update

2020-05-0212:52:54

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.124 Low

EPSS

Percentile

95.3%

JSON

Package : openldap
Version : 2.4.40+dfsg-1+deb8u6
CVE ID : CVE-2020-12243

A vulnerability was discovered in OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol. LDAP search filters with nested
boolean expressions can result in denial of service (slapd daemon
crash).

For Debian 8 "Jessie", this problem has been fixed in version
2.4.40+dfsg-1+deb8u6.

We recommend that you upgrade your openldap packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature

OSVersionArchitecturePackageVersionFilename
Debian10ppc64elldap-utils-dbgsym< 2.4.47+dfsg-3+deb10u2ldap-utils-dbgsym_2.4.47+dfsg-3+deb10u2_ppc64el.deb
Debian9armhflibldap-2.4-2-dbg< 2.4.44+dfsg-5+deb9u4libldap-2.4-2-dbg_2.4.44+dfsg-5+deb9u4_armhf.deb
Debian10ppc64elslapd-contrib< 2.4.47+dfsg-3+deb10u2slapd-contrib_2.4.47+dfsg-3+deb10u2_ppc64el.deb
Debian10armellibldap-2.4-2-dbgsym< 2.4.47+dfsg-3+deb10u2libldap-2.4-2-dbgsym_2.4.47+dfsg-3+deb10u2_armel.deb
Debian9mips64elslapd< 2.4.44+dfsg-5+deb9u4slapd_2.4.44+dfsg-5+deb9u4_mips64el.deb
Debian10mips64ellibldap2-dev< 2.4.47+dfsg-3+deb10u2libldap2-dev_2.4.47+dfsg-3+deb10u2_mips64el.deb
Debian9mipsslapd-dbg< 2.4.44+dfsg-5+deb9u4slapd-dbg_2.4.44+dfsg-5+deb9u4_mips.deb
Debian9armelslapd-smbk5pwd-dbgsym< 2.4.44+dfsg-5+deb9u4slapd-smbk5pwd-dbgsym_2.4.44+dfsg-5+deb9u4_armel.deb
Debian10arm64ldap-utils-dbgsym< 2.4.47+dfsg-3+deb10u2ldap-utils-dbgsym_2.4.47+dfsg-3+deb10u2_arm64.deb
Debian10mipselslapd< 2.4.47+dfsg-3+deb10u2slapd_2.4.47+dfsg-3+deb10u2_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	ppc64el	ldap-utils-dbgsym	< 2.4.47+dfsg-3+deb10u2	ldap-utils-dbgsym_2.4.47+dfsg-3+deb10u2_ppc64el.deb
Debian	9	armhf	libldap-2.4-2-dbg	< 2.4.44+dfsg-5+deb9u4	libldap-2.4-2-dbg_2.4.44+dfsg-5+deb9u4_armhf.deb
Debian	10	ppc64el	slapd-contrib	< 2.4.47+dfsg-3+deb10u2	slapd-contrib_2.4.47+dfsg-3+deb10u2_ppc64el.deb
Debian	10	armel	libldap-2.4-2-dbgsym	< 2.4.47+dfsg-3+deb10u2	libldap-2.4-2-dbgsym_2.4.47+dfsg-3+deb10u2_armel.deb
Debian	9	mips64el	slapd	< 2.4.44+dfsg-5+deb9u4	slapd_2.4.44+dfsg-5+deb9u4_mips64el.deb
Debian	10	mips64el	libldap2-dev	< 2.4.47+dfsg-3+deb10u2	libldap2-dev_2.4.47+dfsg-3+deb10u2_mips64el.deb
Debian	9	mips	slapd-dbg	< 2.4.44+dfsg-5+deb9u4	slapd-dbg_2.4.44+dfsg-5+deb9u4_mips.deb
Debian	9	armel	slapd-smbk5pwd-dbgsym	< 2.4.44+dfsg-5+deb9u4	slapd-smbk5pwd-dbgsym_2.4.44+dfsg-5+deb9u4_armel.deb
Debian	10	arm64	ldap-utils-dbgsym	< 2.4.47+dfsg-3+deb10u2	ldap-utils-dbgsym_2.4.47+dfsg-3+deb10u2_arm64.deb
Debian	10	mipsel	slapd	< 2.4.47+dfsg-3+deb10u2	slapd_2.4.47+dfsg-3+deb10u2_mipsel.deb