2399 matches found
Oracle Linux 8 : openldap (ELSA-2024-4264)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-4264 advisory. 2.4.46-19 - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function Tenable has extracted the preceding...
openldap: null pointer dereference in ber_memalloc_x function
A vulnerability was found in OpenLDAP, in the ber_memalloc_x function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service...
Low: Red Hat Security Advisory: openldap security update
An update for openldap is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
RHEL 8 : openldap (RHSA-2024:4264)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4264 advisory. OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to...
ALSA-2024:4264 Low: openldap security update
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fixes: openldap: null pointer dereference in bermemallo...
openldap security update
2.4.46-19 - Bump version to 2.4.46-19 - Resolves: RHEL-34283 - openldap: null pointer dereference in ber_memalloc_x function...
Low: openldap security update
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Security Fixes: openldap: null pointer dereference in bermemallo...
Advisory ROSA-SA-2024-2439
Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...
K000140042: libldap vulnerability CVE-2020-15719
Security Advisory Description libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 i...
K000140040: OpenLDAP slapd vulnerabilities CVE-2020-36230, CVE-2020-36229, CVE-2017-17740, CVE-2017-9287, and CVE-2017-14159
Security Advisory Description CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57...
SUSE CVE-2020-25709
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP's slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability...
RHEL 6 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: incorrect multi-keyword mode cipherstring parsing CVE-2015-3276 -...
RHEL 5 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file...
RHEL 7 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: ACL restrictions bypass due to sasl_ssf value being set permanently CVE-2019-13565 -...
RHEL 4 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap: ber_get_next denial of service vulnerability CVE-2015-6908 Note that Nessus has not tested for this issue b...
Security Bulletin: Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1
Summary Security vulnerability found in openldap package shipped with IBM CICS TX Advanced 10.1. IBM CICS TX Advanced has addressed the applicable issue. Vulnerability Details CVEID:CVE-2023-2953 DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by a NULL pointer dereference flaw...
RHEL 5 : openldap-servers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
RHEL 7 : openldap-servers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
RHEL 6 : openldap-servers (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openldap-servers: /usr/libexec/openldap/generate-server-cert.sh create world readable password file CVE-2016-4984...
RHEL 6 : openldap (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openldap: OpenLDAP SQL injection CVE-2022-29155 - servers/slapd/back-mdb/search.c in OpenLDAP through...