Release Info

Advisory: CLSA-2025:1758636652

OS: Oracle Linux 6 ELS

Public date: 2025-09-23 14:10:54.079769

Project: openldap

Version: 2.4.58-1.el6.tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/oraclelinux6els/CLSA-2025-1758636652.html

Changelog

- Rebase to 2.4.58 to fix the following vulnerabilities:
  - CVE-2020-12243: fix denial of service caused by LDAP search filters with nested boolean expressions
  - CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing
  - CVE-2020-36223: fix slapd crash in the Values Return Filter control handling
  - CVE-2020-36226: fix slapd crash in the saslAuthzTo processing
  - CVE-2020-36228: fix slapd crash in the Certificate List Exact Assertion processing
  - CVE-2020-36225: fix double free and slapd crash in the saslAuthzTo processing
  - CVE-2020-36227: fix infinite loop in slapd with the cancel_extop Cancel operation
  - CVE-2020-36230: fix assertion failure in slapd in the X.509 DN parsing in decode.c
  - CVE-2020-25692: fix NULL pointer dereference during a request for renaming RDNs
  - CVE-2020-25709: fix assertion failure caused by processing malicious packet
  - CVE-2020-36224: fix invalid pointer free and slapd crash in the saslAuthzTo processing
  - CVE-2020-36229: fix slapd crash in the X.509 DN parsing in ad_keystring
  - CVE-2020-25710: fix failed assertion in csnNormalize23()
  - CVE-2020-36222: fix assertion failure in slapd in the saslAuthzTo validation

Update

Update command: yum update openldap*

Packages list

openldap-2.4.58-1.el6.tuxcare.els1.i686.rpm
openldap-2.4.58-1.el6.tuxcare.els1.x86_64.rpm
openldap-clients-2.4.58-1.el6.tuxcare.els1.x86_64.rpm
openldap-devel-2.4.58-1.el6.tuxcare.els1.i686.rpm
openldap-devel-2.4.58-1.el6.tuxcare.els1.x86_64.rpm
openldap-servers-2.4.58-1.el6.tuxcare.els1.x86_64.rpm
openldap-servers-sql-2.4.58-1.el6.tuxcare.els1.x86_64.rpm

CVEs

CVE-2020-36221
CVE-2020-36222
CVE-2020-36229
CVE-2020-36230
CVE-2020-36225
CVE-2020-12243
CVE-2020-36227
CVE-2020-25710
CVE-2020-25692
CVE-2020-36224
CVE-2020-36223
CVE-2020-36228
CVE-2020-36226
CVE-2020-25709