USN-6616-1: OpenLDAP vulnerability

Operations Manager

0 more products

24669

15 July 2024

15 July 2024

CLOSED

LOW

CVE-2023-2953

Severity

low

Vendor

VMware Tanzu

Versions Affected

  • Canonical Ubuntu 22.04

Description

It was discovered that OpenLDAP was not properly performing bounds checks when executing functions related to LDAP URLs. An attacker could possibly use this issue to cause a denial of service. Update Instructions: Run `sudo pro fix USN-6616-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libldap-2.4-2 - 2.4.49+dfsg-2ubuntu1.10 libldap-common - 2.4.49+dfsg-2ubuntu1.10 slapd-contrib - 2.4.49+dfsg-2ubuntu1.10 slapi-dev - 2.4.49+dfsg-2ubuntu1.10 slapd-smbk5pwd - 2.4.49+dfsg-2ubuntu1.10 ldap-utils - 2.4.49+dfsg-2ubuntu1.10 libldap2-dev - 2.4.49+dfsg-2ubuntu1.10 slapd - 2.4.49+dfsg-2ubuntu1.10 No subscription required.

Fixed VMware Products and Versions

  • Operations Manager
    • 3.0.24+LTS-T or greater
  • Cflinuxfs4
    • 1.69.0 or greater
  • Jammy Stemcells
    • 1.360 or greater
  • Isolation Segment
    • 4.0.18+LTS-T or greater
    • 5.0 or greater
  • VMware Tanzu Application Service for VMs
    • 4.18+LTS-T or greater
    • 5.0.8 or greater

References

https://ubuntu.com/security/notices/USN-6616-1

https://www.cloudfoundry.org/blog/usn-6616-1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=usn-6616-1

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24669

History

2024-01-30: Initial vulnerability report published.