openldap: Multiple vulnerabilities (CVE-2020-25709, CVE-2020-25710)
CVE-2020-25709: assertion failure in Certificate List syntax validation
A malicious packet can force OpenLDAP to fail an assertion in certificateListValidate function in servers/slapd/schema_init.c.
Fixed In Version:
openldap 2.4.56
References:
- https://bugs.openldap.org/show_bug.cgi?id=9383
- https://security-tracker.debian.org/tracker/CVE-2020-25709
Patch:
https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65
CVE-2020-25710: assertion failure in CSN normalization with invalid input
A malicious packet can force OpenLDAP to fail an assertion in csnNormalize23 function in servers/slapd/schema_init.c.
Fixed In Version:
openldap 2.4.56
References:
- https://bugs.openldap.org/show_bug.cgi?id=9384
- https://security-tracker.debian.org/tracker/CVE-2020-25710
Patch:
https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2
Affected branches:
- master
- 3.12-stable
- 3.11-stable
- 3.10-stable
- 3.9-stable
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information