[SUSE-SU-2016:0224-1] Security update for openldap2
Severity: Important
Affected Packages: 34
CVEs: 2
This update fixes the following security issues:
- CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. (bsc#945582)
- CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766)
It also fixes the following non-security bugs:
- bsc#955210: Unresponsive LDAP host lookups in IPv6 environment
This update adds the following functionality:
- fate#319300: SHA2 password hashing module that can be loaded on-demand.
- ID: SUSE-SU-2016:0224-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2016/suse-su-20160224-1/
- Published: 2016-01-25T08:47:53
- Modified: 2016-01-25T08:47:53
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories:
- ALAS-2015-550
- ALAS-2015-569
- ALAS-2015-570
- ALAS-2015-571
- ALAS-2015-586
- ALAS-2015-599
- DSA-3287-1
- DSA-3300-1
- DSA-3316-1
- DSA-3324-1
- DSA-3339-1
- DSA-3356-1
- DSA-3688-1
- ELSA-2015-1072
- ELSA-2015-1185
- ELSA-2015-1197
- ELSA-2015-1228
- ELSA-2015-1229
- ELSA-2015-1230
- ELSA-2015-1526
- ELSA-2015-1840
- FEDORA-2015-10047
- FEDORA-2015-10108
- FEDORA-2015-11414
- FEDORA-2015-11475
- FEDORA-2015-9048
- FEDORA-2015-9130
- FEDORA-2015-9161
- FREEBSD:44D9DAEE-940C-4179-86BB-6E3FFD617869
- FREEBSD:4910D161-58A4-11E5-9AD8-14DAE9D210B8
- FREEBSD:8305E215-1080-11E5-8BA2-000C2980A9F3
- GLSA-201506-02
- GLSA-201512-10
- GLSA-201603-11
- GLSA-201605-06
- GLSA-201701-46
- RHSA-2015:1072
- RHSA-2015:1185
- RHSA-2015:1228
- RHSA-2015:1229
- RHSA-2015:1485
- RHSA-2015:1486
- RHSA-2015:1526
- RHSA-2015:1544
- RHSA-2015:1840
- SUSE-SU-2015:0182-2
- SUSE-SU-2015:0543-1
- SUSE-SU-2015:0545-1
- SUSE-SU-2015:0545-2
- SUSE-SU-2015:0546-1
- SUSE-SU-2015:0547-1
- SUSE-SU-2015:0578-1
- SUSE-SU-2015:0620-1
- SUSE-SU-2015:0946-1
- SUSE-SU-2015:1143-1
- SUSE-SU-2015:1150-1
- SUSE-SU-2015:1177-1
- SUSE-SU-2015:1177-2
- SUSE-SU-2015:1182-1
- SUSE-SU-2015:1182-2
- SUSE-SU-2015:1183-1
- SUSE-SU-2015:1183-2
- SUSE-SU-2015:1184-1
- SUSE-SU-2015:1184-2
- SUSE-SU-2015:1185-1
- SUSE-SU-2015:1268-1
- SUSE-SU-2015:1268-2
- SUSE-SU-2015:1269-1
- SUSE-SU-2015:1319-1
- SUSE-SU-2015:1320-1
- SUSE-SU-2015:1329-1
- SUSE-SU-2015:1331-1
- SUSE-SU-2015:1345-1
- SUSE-SU-2015:1375-1
- SUSE-SU-2015:1449-1
- SUSE-SU-2015:1482-1
- SUSE-SU-2015:1509-1
- SUSE-SU-2015:1526-1
- SUSE-SU-2015:1544-1
- SUSE-SU-2015:1581-1
- SUSE-SU-2015:1663-1
- SUSE-SU-2015:1695-1
- SUSE-SU-2015:1840-1
- SUSE-SU-2015:1851-1
- SUSE-SU-2016:0090-1
- SUSE-SU-2016:0262-1
- SUSE-SU-2016:0344-1
- SUSE-SU-2016:0778-1
- SUSE-SU-2016:1618-1
- SUSE-SU-2016:2209-1
- SUSE-SU-2016:2385-1
- SUSE-SU-2018:1768-1
- SUSE-SU-2023:0586-1
- SUSE-SU-2023:4506-1
- SUSE-SU-2023:4507-1
- USN-2656-1
- USN-2656-2
- USN-2673-1
- USN-2696-1
- USN-2706-1
- USN-2742-1
Source | Name | URL |
---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0224-1.json |
Suse | URL for SUSE-SU-2016:0224-1 | https://www.suse.com/support/update/announcement/2016/suse-su-20160224-1/ |
Suse | E-Mail link for SUSE-SU-2016:0224-1 | https://lists.suse.com/pipermail/sle-security-updates/2016-January/001823.html |
Bugzilla | SUSE Bug 937766 | https://bugzilla.suse.com/937766 |
Bugzilla | SUSE Bug 945582 | https://bugzilla.suse.com/945582 |
Bugzilla | SUSE Bug 955210 | https://bugzilla.suse.com/955210 |
CVE | SUSE CVE CVE-2015-4000 page | https://www.suse.com/security/cve/CVE-2015-4000/ |
CVE | SUSE CVE CVE-2015-6908 page | https://www.suse.com/security/cve/CVE-2015-6908/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/openldap2?arch=x86_64&distro=sles-12&sp=1 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2?arch=x86_64&distro=sles-12 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2?arch=s390x&distro=sles-12&sp=1 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2?arch=s390x&distro=sles-12 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2?arch=ppc64le&distro=sles-12&sp=1 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/openldap2?arch=ppc64le&distro=sles-12 | suse | openldap2 | < 2.4.41-18.13.4 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/openldap2-client?arch=x86_64&distro=sles-12&sp=1 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-client?arch=x86_64&distro=sles-12 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-client?arch=x86_64&distro=sled-12&sp=1 | suse | openldap2-client | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-client?arch=x86_64&distro=sled-12 | suse | openldap2-client | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-client?arch=s390x&distro=sles-12&sp=1 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2-client?arch=s390x&distro=sles-12 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2-client?arch=ppc64le&distro=sles-12&sp=1 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/openldap2-client?arch=ppc64le&distro=sles-12 | suse | openldap2-client | < 2.4.41-18.13.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=x86_64&distro=sles-12&sp=1 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=x86_64&distro=sles-12 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=s390x&distro=sles-12&sp=1 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=s390x&distro=sles-12 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | s390x | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=ppc64le&distro=sles-12&sp=1 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/openldap2-back-meta?arch=ppc64le&distro=sles-12 | suse | openldap2-back-meta | < 2.4.41-18.13.4 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=x86_64&distro=sles-12&sp=1 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=x86_64&distro=sles-12 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=x86_64&distro=sled-12&sp=1 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=x86_64&distro=sled-12 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=s390x&distro=sles-12&sp=1 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=s390x&distro=sles-12 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=ppc64le&distro=sles-12&sp=1 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libldap-2_4-2?arch=ppc64le&distro=sles-12 | suse | libldap-2_4-2 | < 2.4.41-18.13.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=x86_64&distro=sles-12&sp=1 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=x86_64&distro=sles-12 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=x86_64&distro=sled-12&sp=1 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=x86_64&distro=sled-12 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sled-12 | x86_64 | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=s390x&distro=sles-12&sp=1 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/libldap-2_4-2-32bit?arch=s390x&distro=sles-12 | suse | libldap-2_4-2-32bit | < 2.4.41-18.13.1 | sles-12 | s390x |