An update for openldap is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1205 Final 1.0 1.0 2021-06-07 Initial 2021-06-07 2021-06-07 openEuler SA Tool V1.0 2021-06-07 openldap security update An update for openldap is now available for openEuler-20.03-LTS-SP1. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. Security Fix(es): A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.(CVE-2020-25709) An update for openldap is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High openldap https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1205 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25709 https://nvd.nist.gov/vuln/detail/CVE-2020-25709 openEuler-20.03-LTS-SP1 openldap-devel-2.4.50-5.oe1.aarch64.rpm openldap-servers-2.4.50-5.oe1.aarch64.rpm openldap-debuginfo-2.4.50-5.oe1.aarch64.rpm openldap-clients-2.4.50-5.oe1.aarch64.rpm openldap-debugsource-2.4.50-5.oe1.aarch64.rpm openldap-2.4.50-5.oe1.aarch64.rpm openldap-help-2.4.50-5.oe1.noarch.rpm openldap-2.4.50-5.oe1.src.rpm openldap-debugsource-2.4.50-5.oe1.x86_64.rpm openldap-clients-2.4.50-5.oe1.x86_64.rpm openldap-2.4.50-5.oe1.x86_64.rpm openldap-devel-2.4.50-5.oe1.x86_64.rpm openldap-debuginfo-2.4.50-5.oe1.x86_64.rpm openldap-servers-2.4.50-5.oe1.x86_64.rpm A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. 2021-06-07 CVE-2020-25709 openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H openldap security update 2021-06-07 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1205