An update for openldap is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1244 Final 1.0 1.0 2021-06-26 Initial 2021-06-26 2021-06-26 openEuler SA Tool V1.0 2021-06-26 openldap security update An update for openldap is now available for openEuler-20.03-LTS-SP1. OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. Security Fix(es): A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.(CVE-2020-25710) An update for openldap is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High openldap https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1244 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-25710 https://nvd.nist.gov/vuln/detail/CVE-2020-25710 openEuler-20.03-LTS-SP1 openldap-devel-2.4.50-6.oe1.aarch64.rpm openldap-servers-2.4.50-6.oe1.aarch64.rpm openldap-debuginfo-2.4.50-6.oe1.aarch64.rpm openldap-clients-2.4.50-6.oe1.aarch64.rpm openldap-debugsource-2.4.50-6.oe1.aarch64.rpm openldap-2.4.50-6.oe1.aarch64.rpm openldap-help-2.4.50-6.oe1.noarch.rpm openldap-2.4.50-6.oe1.src.rpm openldap-debugsource-2.4.50-6.oe1.x86_64.rpm openldap-clients-2.4.50-6.oe1.x86_64.rpm openldap-2.4.50-6.oe1.x86_64.rpm openldap-devel-2.4.50-6.oe1.x86_64.rpm openldap-debuginfo-2.4.50-6.oe1.x86_64.rpm openldap-servers-2.4.50-6.oe1.x86_64.rpm A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. 2021-06-26 CVE-2020-25710 openEuler-20.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H openldap security update 2021-06-26 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1244