MEDIUM6.8
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P
ALT-PU-2015-2188-1Обновление пакета openldap2.4 в ветке c6
Серьёзность:
Закрытые проблемы (3)
MEDIUM4.3
libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive information.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:NСсылки
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
- http://rhn.redhat.com/errata/RHSA-2012-1151.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
- http://www.openldap.org/its/index.cgi?findid=7285
- http://www.openwall.com/lists/oss-security/2012/06/05/4
- http://www.openwall.com/lists/oss-security/2012/06/06/1
- http://www.openwall.com/lists/oss-security/2012/06/06/2
- http://www.securityfocus.com/bid/53823
- http://www.securitytracker.com/id?1027127
- https://bugzilla.redhat.com/show_bug.cgi?id=825875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676309
- http://rhn.redhat.com/errata/RHSA-2012-1151.html
- http://seclists.org/fulldisclosure/2019/Dec/26
- http://security.gentoo.org/glsa/glsa-201406-36.xml
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commitdiff%3Bh=2c2bb2e
- http://www.openldap.org/its/index.cgi?findid=7285
- http://www.openwall.com/lists/oss-security/2012/06/05/4
- http://www.openwall.com/lists/oss-security/2012/06/06/1
- http://www.openwall.com/lists/oss-security/2012/06/06/2
- http://www.securityfocus.com/bid/53823
- http://www.securitytracker.com/id?1027127
- https://bugzilla.redhat.com/show_bug.cgi?id=825875
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76099
- https://seclists.org/bugtraq/2019/Dec/23
- https://support.apple.com/kb/HT210788
MEDIUM5.0
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PСсылки
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2015-1840.html
- http://www.debian.org/security/2015/dsa-3356
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- http://www.securityfocus.com/bid/76714
- http://www.securitytracker.com/id/1033534
- http://www.ubuntu.com/usn/USN-2742-1
- https://support.apple.com/HT205637
- http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2015-1840.html
- http://www.debian.org/security/2015/dsa-3356
- http://www.openldap.org/devel/gitweb.cgi?p=openldap.git%3Ba=commit%3Bh=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
- http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.security-assessment.com/files/documents/advisory/OpenLDAP-ber_get_next-Denial-of-Service.pdf
- http://www.securityfocus.com/bid/76714
- http://www.securitytracker.com/id/1033534
- http://www.ubuntu.com/usn/USN-2742-1
- https://support.apple.com/HT205637