Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2022:0013

Issued: 2022-02-24
Updated: 2022-02-24

Summary

openldap security update

Severity

Moderate

Description

Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:

CVE-2020-25709:
A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

CVE-2020-25710:
A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

References

Updated Packages