{"id":"CLSA-2025-1758636652","summary":"openldap: Fix of 14 CVEs","details":"- Rebase to 2.4.58 to fix the following vulnerabilities:\n- CVE-2020-12243: fix denial of service caused by LDAP search filters with nested\n  boolean expressions\n- CVE-2020-36221: fix integer underflow in the Certificate Exact Assertion processing\n- CVE-2020-36223: fix slapd crash in the Values Return Filter control handling\n- CVE-2020-36226: fix slapd crash in the saslAuthzTo processing\n- CVE-2020-36228: fix slapd crash in the Certificate List Exact Assertion processing\n- CVE-2020-36225: fix double free and slapd crash in the saslAuthzTo processing\n- CVE-2020-36227: fix infinite loop in slapd with the cancel_extop Cancel operation\n- CVE-2020-36230: fix assertion failure in slapd in the X.509 DN parsing in decode.c\n- CVE-2020-25692: fix NULL pointer dereference during a request for renaming RDNs\n- CVE-2020-25709: fix assertion failure caused by processing malicious packet\n- CVE-2020-36224: fix invalid pointer free and slapd crash in the saslAuthzTo\n  processing\n- CVE-2020-36229: fix slapd crash in the X.509 DN parsing in ad_keystring\n- CVE-2020-25710: fix failed assertion in csnNormalize23()\n- CVE-2020-36222: fix assertion failure in slapd in the saslAuthzTo validation","modified":"2026-05-27T11:33:22.487354422Z","published":"2026-04-22T09:20:05Z","upstream":["CVE-2020-12243","CVE-2020-25692","CVE-2020-25709","CVE-2020-25710","CVE-2020-36221","CVE-2020-36222","CVE-2020-36223","CVE-2020-36224","CVE-2020-36225","CVE-2020-36226","CVE-2020-36227","CVE-2020-36228","CVE-2020-36229","CVE-2020-36230"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux6els/CLSA-2025-1758636652.html"}],"affected":[{"package":{"name":"openldap","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/openldap?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2025-1758636652.json"}},{"package":{"name":"openldap-clients","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/openldap-clients?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2025-1758636652.json"}},{"package":{"name":"openldap-devel","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/openldap-devel?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2025-1758636652.json"}},{"package":{"name":"openldap-servers","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/openldap-servers?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2025-1758636652.json"}},{"package":{"name":"openldap-servers-sql","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/openldap-servers-sql?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.58-1.el6.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2025-1758636652.json"}}],"schema_version":"1.7.5"}