USN-6616-1: OpenLDAP vulnerability
Severity
low
Vendor
VMware Tanzu
Versions Affected
- Canonical Ubuntu 22.04
Description
It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6616-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.49+dfsg-2ubuntu1.10 libldap-common - 2.4.49+dfsg-2ubuntu1.10 slapd-contrib - 2.4.49+dfsg-2ubuntu1.10 slapi-dev - 2.4.49+dfsg-2ubuntu1.10 slapd-smbk5pwd - 2.4.49+dfsg-2ubuntu1.10 ldap-utils - 2.4.49+dfsg-2ubuntu1.10 libldap2-dev - 2.4.49+dfsg-2ubuntu1.10 slapd - 2.4.49+dfsg-2ubuntu1.10 No subscription required.
Fixed VMware Products and Versions
- Operations Manager
- 3.0.24+LTS-T or greater
- Cflinuxfs4
- 1.69.0 or greater
- Jammy Stemcells
- 1.360 or greater
- Isolation Segment
- 4.0.18+LTS-T or greater
- 5.0 or greater
- VMware Tanzu Application Service for VMs
- 4.18+LTS-T or greater
- 5.0.8 or greater
References
https://ubuntu.com/security/notices/USN-6616-1
https://www.cloudfoundry.org/blog/usn-6616-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6616-1
History
2024-01-30: Initial vulnerability report published.