{"id":"MGASA-2021-0105","summary":"Updated openldap packages fix security vulnerabilities","details":"It was discovered that OpenLDAP incorrectly handled Certificate Exact\nAssertion processing. A remote attacker could possibly use this issue to cause\nOpenLDAP to crash, resulting in a denial of service (CVE-2020-36221).\n\nIt was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. A\nremote attacker could use this issue to cause OpenLDAP to crash, resulting in\na denial of service, or possibly execute arbitrary code (CVE-2020-36222,\nCVE-2020-36224, CVE-2020-36225, CVE-2020-36226).\n\nIt was discovered that OpenLDAP incorrectly handled Return Filter control\nhandling. A remote attacker could use this issue to cause OpenLDAP to crash,\nresulting in a denial of service, or possibly execute arbitrary code\n(CVE-2020-36223).\n\nIt was discovered that OpenLDAP incorrectly handled certain cancel operations.\nA remote attacker could possibly use this issue to cause OpenLDAP to crash,\nresulting in a denial of service (CVE-2020-36227).\n\nIt was discovered that OpenLDAP incorrectly handled Certificate List Exact\nAssertion processing. A remote attacker could possibly use this issue to cause\nOpenLDAP to crash, resulting in a denial of service (CVE-2020-36228).\n\nIt was discovered that OpenLDAP incorrectly handled X.509 DN parsing. A remote\nattacker could possibly use this issue to cause OpenLDAP to crash, resulting\nin a denial of service (CVE-2020-36229, CVE-2020-36230).\n\nPasi Saarinen discovered that OpenLDAP incorrectly handled certain short\ntimestamps. A remote attacker could possibly use this issue to cause OpenLDAP\nto crash, resulting in a denial of service (CVE-2021-27212).\n","modified":"2026-04-16T04:44:36.319605859Z","published":"2021-03-04T16:53:32Z","upstream":["CVE-2020-36221","CVE-2020-36222","CVE-2020-36223","CVE-2020-36224","CVE-2020-36225","CVE-2020-36226","CVE-2020-36227","CVE-2020-36228","CVE-2020-36229","CVE-2020-36230","CVE-2021-27212"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0105.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28300"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4724-1"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4744-1"}],"affected":[{"package":{"name":"openldap","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/openldap?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.50-1.4.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0105.json"}},{"package":{"name":"openldap","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/openldap?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.57-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0105.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}