Ubuntu has issued an advisory today (November 17): https://ubuntu.com/security/notices/USN-4634-1 The issues are fixed upstream in 2.4.56. The Ubuntu CVE pages link the upstream commits that fixed the issues.
Version: Cauldron => 7
Status comment: (none) => Patches available from upstream
openldap-2.4.50-1.3.mga7.src.rpm submitted to core/updates_testing for Mageia 7.
Status: NEW => ASSIGNED
CC: (none) => bgmilne
Assignee: bgmilne => bugsquad
Advisory:
========================

Updated openldap packages fix security vulnerabilities:

It was discovered that OpenLDAP incorrectly handled certain malformed inputs. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service (CVE-2020-25709, CVE-2020-25710).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25710
https://ubuntu.com/security/notices/USN-4634-1
========================

Updated packages in core/updates_testing:
========================

openldap-2.4.50-1.3.mga7
openldap-servers-2.4.50-1.3.mga7
openldap-servers-devel-2.4.50-1.3.mga7
openldap-clients-2.4.50-1.3.mga7
libldap2.4_2-2.4.50-1.3.mga7
libldap2.4_2-devel-2.4.50-1.3.mga7
libldap2.4_2-static-devel-2.4.50-1.3.mga7
openldap-back_sql-2.4.50-1.3.mga7
openldap-back_bdb-2.4.50-1.3.mga7
openldap-back_mdb-2.4.50-1.3.mga7
openldap-doc-2.4.50-1.3.mga7
openldap-tests-2.4.50-1.3.mga7
openldap-testprogs-2.4.50-1.3.mga7

from openldap-2.4.50-1.3.mga7.src.rpm
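A defender rolling this advisory out usually wants a quick way to confirm that every listed package on a host is at or above the fixed version-release. The script below is an added example, not part of this bug or of Mageia's own QA tooling: it takes the advisory's package list, compares installed NAME-VERSION-RELEASE strings using a port of rpm's segment-wise version comparison (tilde/caret ordering omitted), and reports anything older than 2.4.50-1.3.mga7. The sample input is constructed to look like `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output.

```python
import re

# Fixed version-release from this advisory (openldap-2.4.50-1.3.mga7, Mageia 7).
FIXED_VR = ("2.4.50", "1.3.mga7")
ADVISORY_PACKAGES = {
    "openldap", "openldap-servers", "openldap-servers-devel", "openldap-clients",
    "libldap2.4_2", "libldap2.4_2-devel", "libldap2.4_2-static-devel",
    "openldap-back_sql", "openldap-back_bdb", "openldap-back_mdb",
    "openldap-doc", "openldap-tests", "openldap-testprogs",
}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a: str, b: str) -> int:
    """Segment-wise compare as rpm does it (tilde/caret rules omitted): 1, 0 or -1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")      # numeric: longer digit string wins
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1          # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def outdated_packages(rpm_qa_output: str) -> list:
    """Advisory packages whose installed version-release is older than the fix."""
    stale = []
    for line in rpm_qa_output.split():
        name, ver, rel = line.rsplit("-", 2)           # NAME-VERSION-RELEASE
        if name not in ADVISORY_PACKAGES:
            continue
        if (rpmvercmp(ver, FIXED_VR[0]) or rpmvercmp(rel, FIXED_VR[1])) < 0:
            stale.append(line)
    return stale

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'` output.
SAMPLE_RPM_QA = """
openldap-2.4.50-1.2.mga7
openldap-clients-2.4.50-1.3.mga7
openldap-servers-2.4.49-2.mga7
libldap2.4_2-2.4.50-1.3.mga7
"""

if __name__ == "__main__":
    print("\n".join(outdated_packages(SAMPLE_RPM_QA)) or "all advisory packages up to date")
```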
Status comment: Patches available from upstream => (none)
Assignee: bugsquad => qa-bugs
I found openldap already installed, and installed the rest of the packages, then updated using QA Repo. No installation issues. Referenced bug 25286 comment 6 for tests. (Thank you, Herman.)

# systemctl start slapd
# systemctl status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-01-17 16:46:15 EST; 20s ago
  Process: 27071 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SU>
  Process: 27111 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${S>
 Main PID: 27112 (slapd)
    Tasks: 3 (limit: 4915)
   Memory: 3.2M
   CGroup: /system.slice/slapd.service
           └─27112 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0

Jan 17 16:46:13 localhost.localdomain systemd[1]: Starting OpenLDAP Server Daemon...
Jan 17 16:46:13 localhost.localdomain su[27079]: (to ldap) root on none
Jan 17 16:46:13 localhost.localdomain su[27079]: pam_unix(su:session): session opened for user ldap b>
Jan 17 16:46:13 localhost.localdomain su[27079]: pam_unix(su:session): session closed for user ldap
Jan 17 16:46:13 localhost.localdomain ldap-config[27071]: Checking config file /etc/openldap/slapd.co>
Jan 17 16:46:15 localhost.localdomain systemd[1]: Started OpenLDAP Server Daemon.
$ ldapsearch -x -b '' -s base supportedFeatures
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedFeatures
#

#
dn:
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

$ make -C /usr/share/openldap/tests test
make: Entering directory '/usr/share/openldap/tests'
make[1]: Entering directory '/usr/share/openldap/tests'
Initiating LDAP tests for BDB...
Running ./scripts/all for bdb...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse for bdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve the root DSE...
Using ldapsearch to retrieve the cn=Subschema...
Using ldapsearch to retrieve the cn=Monitor...
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: o=OpenLDAP Project,l=Internet
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
vendorName: The OpenLDAP Project <http://www.openldap.org/>
entryDN:
subschemaSubentry: cn=Subschema

And, as Herman put it, lots more. I didn't see any errors pop up, so, like Herman, I'm calling this OK.

Validating. Advisory in Comment 2.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Advisory pushed to SVN.
CC: (none) => ouaurelien
CVE: (none) => CVE-2020-25709, CVE-2020-25710
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0046.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED