>>> Quanah Gibson-Mount <qua...@symas.com> schrieb am 22.03.2021 um 16:08 in Nachricht <0F2233BBFC3A030E35FD7AD5@[192.168.1.156]>:
> > --On Monday, March 22, 2021 8:20 AM +0000 Dario García Díaz-Miguel > <dgd...@gmv.com> wrote: > >> >> Thank you, appreciated. But as I told you, we are not allowed to use any >> external source that is not included and audited previously by a special >> security entity. > > Given there have been a number of security and remote crasher issues fixed > since that release, one would have to seriously question the efficacy of > company's system. To be fair, one should add that SUSE is backporting security fixes to their version. For example for the most recent update: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. * 0218-ITS-9423-ldap_X509dn2bv-check-for-invalid-BER-after-.patch - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. * 0220-ITS-9425-add-more-checks-to-ldap_X509dn2bv.patch - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. * 0221-ITS-9427-fix-issuerAndThisUpdateCheck.patch - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. * 0222-ITS-9428-fix-cancel-exop.patch - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0216-ITS-9412-fix-AVA_Sort-on-invalid-RDN.patch - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0215-ITS-9409-saslauthz-use-slap_sl_free-in-prev-commit.patch * 0214-ITS-9409-saslauthz-use-ch_free-on-normalized-DN.patch - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. * 0217-ITS-9413-fix-slap_parse_user.patch - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. * 0211-ITS-9406-9407-remove-saslauthz-asserts.patch * 0212-ITS-9406-fix-debug-msg.patch - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). * 0210-ITS-9404-fix-serialNumberAndIssuerCheck.patch * 0219-ITS-9424-fix-serialNumberAndIssuerSerialCheck.patch - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). * 0213-ITS-9408-fix-vrfilter-double-free.patch > > --Quanah > > > -- > > Quanah Gibson-Mount > Product Architect > Symas Corporation > Packaged, certified, and supported LDAP solutions powered by OpenLDAP: > <http://www.symas.com>
