| Summary: | openldap new security issues CVE-2020-3622[1-9], CVE-2020-36230, CVE-2021-27212 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | herman.viaene, mageia, ouaurelien, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7TOO MGA7-64-OK MGA8-64-OK | ||
| Source RPM: | openldap-2.4.50-1.3.mga7.src.rpm | CVE: | CVE-2020-3622[1-9], CVE-2020-36230 |
| Status comment: | |||
Description
David Walser
2021-02-05 23:43:39 CET
Hi, thanks for reporting this. Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)

CC: (none) => ouaurelien

Ubuntu has issued an advisory for this today (February 8): https://ubuntu.com/security/notices/USN-4724-1

Debian has issued an advisory on February 20: https://www.debian.org/security/2021/dsa-4860

The issue was fixed upstream after 2.4.57.

Summary: openldap new security issues CVE-2020-3622[1-9] and CVE-2020-36230 => openldap new security issues CVE-2020-3622[1-9], CVE-2020-36230, CVE-2021-27212

Ubuntu has issued an advisory for CVE-2021-27212 on February 22: https://ubuntu.com/security/notices/USN-4744-1

cauldron is now fixed for CVE-2021-27212

Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO

Fix added for Mageia 8:
src:
openldap-2.4.57-1.1.mga8

Fix added for Mageia 7: ( CVE-2020-3622[1-9], CVE-2020-36230, CVE-2021-27212 )
src:
openldap-2.4.50-1.4.mga7

Assignee: bgmilne => qa-bugs

Package list:
openldap-2.4.50-1.4.mga7
openldap-servers-2.4.50-1.4.mga7
openldap-servers-devel-2.4.50-1.4.mga7
openldap-clients-2.4.50-1.4.mga7
libldap2.4_2-2.4.50-1.4.mga7
libldap2.4_2-devel-2.4.50-1.4.mga7
libldap2.4_2-static-devel-2.4.50-1.4.mga7
openldap-back_sql-2.4.50-1.4.mga7
openldap-back_bdb-2.4.50-1.4.mga7
openldap-back_mdb-2.4.50-1.4.mga7
openldap-doc-2.4.50-1.4.mga7
openldap-tests-2.4.50-1.4.mga7
openldap-testprogs-2.4.50-1.4.mga7
openldap-2.4.57-1.1.mga8
openldap-servers-2.4.57-1.1.mga8
openldap-doc-2.4.57-1.1.mga8
libldap2.4_2-static-devel-2.4.57-1.1.mga8
openldap-tests-2.4.57-1.1.mga8
libldap2.4_2-devel-2.4.57-1.1.mga8
libldap2.4_2-2.4.57-1.1.mga8
openldap-clients-2.4.57-1.1.mga8
openldap-back_bdb-2.4.57-1.1.mga8
openldap-testprogs-2.4.57-1.1.mga8
openldap-back_mdb-2.4.57-1.1.mga8
openldap-back_sql-2.4.57-1.1.mga8
openldap-servers-devel-2.4.57-1.1.mga8

from SRPMS:
openldap-2.4.50-1.4.mga7.src.rpm
openldap-2.4.57-1.1.mga8.src.rpm

Status comment: Patches available from upstream and Debian => (none)

MGA7-64 MATE on Peaq C1011
No installation issues
Ref bug 27625 for tests

```
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
# systemctl start slapd
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2021-03-02 10:55:04 CET; 3s ago
  Process: 7818 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS)
  Process: 7860 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCAL>
 Main PID: 7861 (slapd)
    Tasks: 3 (limit: 2285)
   Memory: 3.4M
   CGroup: /system.slice/slapd.service
           └─7861 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0

Mar 02 10:55:03 mach7.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon...
Mar 02 10:55:03 mach7.hviaene.thuis su[7826]: (to ldap) root on none
Mar 02 10:55:03 mach7.hviaene.thuis su[7826]: pam_unix(su:session): session opened for user ldap by (uid=0)
Mar 02 10:55:03 mach7.hviaene.thuis su[7826]: pam_unix(su:session): session closed for user ldap
Mar 02 10:55:03 mach7.hviaene.thuis ldap-config[7818]: Checking config file /etc/openldap/slapd.conf: [ OK ]
Mar 02 10:55:04 mach7.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon.
```

Then as normal user:

```
$ ldapsearch -x -b '' -s base supportedFeatures
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedFeatures
#

#
dn:
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
```

and

```
$ make -C /usr/share/openldap/tests test
make: Entering directory '/usr/share/openldap/tests'
make[1]: Entering directory '/usr/share/openldap/tests'
Initiating LDAP tests for BDB...
Cleaning up test run directory leftover from previous run.
Running ./scripts/all for bdb...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse for bdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve the root DSE...
Using ldapsearch to retrieve the cn=Subschema...
Using ldapsearch to retrieve the cn=Monitor...

dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: o=OpenLDAP Project,l=Internet
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
```

at the end

```
Test succeeded
>>>>> test065-proxyauthz completed OK for mdb.
0 tests for mdb were skipped.
make[1]: Leaving directory '/usr/share/openldap/tests'
make: Leaving directory '/usr/share/openldap/tests'
```

The complete test runs for over an hour; all tests completed with success. Good enough.

Whiteboard: MGA7TOO => MGA7TOO MGA7-64-OK

Advisory:
========================

Updated openldap packages fix security vulnerabilities:

It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36221).

It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226).

It was discovered that OpenLDAP incorrectly handled Return Filter control handling. A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2020-36223).

It was discovered that OpenLDAP incorrectly handled certain cancel operations. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36227).

It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36228).

It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-36229, CVE-2020-36230).

Pasi Saarinen discovered that OpenLDAP incorrectly handled certain short timestamps. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2021-27212).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36224
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36225
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212
https://ubuntu.com/security/notices/USN-4724-1
https://ubuntu.com/security/notices/USN-4744-1

MGA8-64
Same tests as above in Comment 9 with same results. OK for me.

Whiteboard: MGA7TOO MGA7-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK

Aurelien Oudelet
2021-03-04 15:53:52 CET
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0105.html

Resolution: (none) => FIXED
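As an added example, not part of this bug report and not Mageia's own tooling: a small Python check that reads `rpm -qa` output and reports whether each installed openldap binary package from the package list above is at or above the fixed builds named in the bug (openldap-2.4.50-1.4.mga7 for Mageia 7, openldap-2.4.57-1.1.mga8 for Mageia 8). It implements rpm's segment-wise version ordering so that releases such as 1.3 versus 1.4, or 1 versus 1.1, compare the way rpm compares them rather than as plain strings. The `rpm -qa` excerpt is constructed, the branch is taken from the `mgaN` tag at the end of the release, and the comparison deliberately omits epochs and rpm's `~`/`^` separators.

```python
import re

# Fixed openldap builds named in the bug, per Mageia branch: (version, release).
FIXED_BUILDS = {
    "mga7": ("2.4.50", "1.4.mga7"),
    "mga8": ("2.4.57", "1.1.mga8"),
}

# Binary packages produced by the openldap source RPM, from the bug's package list.
OPENLDAP_PACKAGES = {
    "openldap", "openldap-servers", "openldap-servers-devel", "openldap-clients",
    "libldap2.4_2", "libldap2.4_2-devel", "libldap2.4_2-static-devel",
    "openldap-back_sql", "openldap-back_bdb", "openldap-back_mdb",
    "openldap-doc", "openldap-tests", "openldap-testprogs",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings with rpm's segment rules.

    Strings are split into runs of digits and runs of letters; digit runs
    compare numerically (so 1.10 > 1.9), letter runs compare lexically, and a
    digit run sorts after a letter run. Returns -1, 0 or 1.
    Simplification (assumption of this example): rpm's '~' and '^' separators
    and epochs are not handled.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1  # numeric segment is newer than alphabetic
        elif x != y:
            return -1 if x < y else 1
    if len(seg_a) == len(seg_b):
        return 0
    return -1 if len(seg_a) < len(seg_b) else 1  # leftover segments win


def parse_nvra(line: str):
    """Split 'name-version-release.arch' as printed by 'rpm -qa'."""
    nvr, arch = line.rsplit(".", 1)
    parts = nvr.rsplit("-", 2)
    if len(parts) != 3:
        raise ValueError(f"not a name-version-release.arch string: {line!r}")
    name, version, release = parts
    return name, version, release, arch


def is_fixed(version: str, release: str):
    """True if version-release is at or above the fixed build for its branch.

    Returns None when the release carries no mgaN tag this check knows about.
    """
    match = re.search(r"(mga\d+)$", release)
    if not match or match.group(1) not in FIXED_BUILDS:
        return None
    fixed_version, fixed_release = FIXED_BUILDS[match.group(1)]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0


def audit(rpm_qa_output: str) -> dict:
    """Map each installed openldap package (NVRA line) to True/False/None."""
    findings = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release, _arch = parse_nvra(line)
        if name in OPENLDAP_PACKAGES:
            findings[line] = is_fixed(version, release)
    return findings


# Constructed 'rpm -qa' excerpt (not from any real host): an unrelated package,
# one pre-fix mga7 library, one fixed mga7 client, one fixed mga8 server and
# one mga8 build whose release predates the fixed 1.1.mga8.
SAMPLE_RPM_QA = """\
kernel-5.10.16-1.mga8.x86_64
libldap2.4_2-2.4.50-1.3.mga7.x86_64
openldap-clients-2.4.50-1.4.mga7.x86_64
openldap-servers-2.4.57-1.1.mga8.x86_64
openldap-2.4.57-1.mga8.x86_64
"""

if __name__ == "__main__":
    for nvra, state in audit(SAMPLE_RPM_QA).items():
        label = {True: "fixed", False: "VULNERABLE", None: "unknown branch"}[state]
        print(f"{label:15} {nvra}")
```

On a real system the same function can be fed `subprocess.run(["rpm", "-qa"], capture_output=True, text=True).stdout`; the point of the constructed sample is the 2.4.57-1.mga8 line, which a plain string comparison would wrongly accept as newer than 2.4.57-1.1.mga8.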