RHSA-2021:1389

Affecting openldap package, versions <0:2.4.44-23.el7_9

medium severity

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Centos:7 relevant versions.

OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network.

Security Fix(es):

* openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Remediation

Upgrade Centos:7 openldap to version 0:2.4.44-23.el7_9 or higher.

References

CVE
RHSA-2021:1389
Snyk ID: SNYK-CENTOS7-OPENLDAP-1285081
Published: 05 May, 2021