-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ----------------------------------------------------------------------- Debian LTS Advisory DLA-2481-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 04, 2020 https://wiki.debian.org/LTS - -----------------------------------------------------------------------
Package : openldap Version : 2.4.44+dfsg-5+deb9u6 CVE ID : CVE-2020-25709 CVE-2020-25710 Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets. For Debian 9 stretch, these problems have been fixed in version 2.4.44+dfsg-5+deb9u6. We recommend that you upgrade your openldap packages. For the detailed security status of openldap please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openldap Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/KcyEACgkQgj6WdgbD S5bsBA//RNAplKYC+P0Ekrx387pW58ictIeUQLMJ2WrpPD1+ufrBqjqTNMpsvYa0 ExSYfc2dKLIH8QdehRniaYAZUAj9VntZ+EozW4j8jmb/zjj/UHC8s8w2yKhyvlcv JsMQR97t2ism2fx7sCjaiM1VQfP8g8Vmy2anoKj2xT3k9vDYt4GhSrXNCrEf43MA Q4C+eVJXupiwKidiXvvUYvZEb+xYKBIr9Dh4LQ7EoYBjDiMtOA9XDA0ykeYr6O7f Zt3Fj/+kX339jY2itpJJoIeeS38BUPcL9s6QkIPRbQczXl3upBEOXvTwNHPlplDQ 9WJf6ADqUpKp9P1LbWqNK3wS9xUdsqPxGhFN2Lu+abDALVia9eHa/4ljuaIpyrqs uE9skxqxHtYg9wKmpJHLexbHwNHOoF/zBnQOF9iuq/XJG9+Az7l94BBaD4DgcBl8 Fq+3JhynLQJnsXZ9W5kw7yrDyUBux9ZveLUQwzSGtMliOCjhGXY0IQMccw7akUa7 BP5IlOR+lsCWpmBqMNopxoaF5YIW+8v4B1ldVnAwAAwACHLPzvf7usXSOjtys6Z5 sy2LHcL6vftUP2Uz9km7Egf7aL4OoA7ryFyWX4HDqmeg6qQq5z8LJTxIRB8ZBrXG 2W8aQetmrcHlAbHKL8msbbNcWpHDxgZR4Stg3podJKZIUKOb+SQ= =0GdE -----END PGP SIGNATURE-----
