ALAS2023-2023-219


Amazon Linux 2023 Security Advisory: ALAS-2023-219
Advisory Release Date: 2023-06-21 19:10 Pacific
Advisory Updated Date: 2023-06-27 20:58 Pacific
Severity: Medium

Issue Overview:

A vulnerability was found in openldap that can cause a null pointer dereference in the ber_memalloc_x() function. (CVE-2023-2953)


Affected Packages:

openldap


Issue Correction:
Run the following command to update your system:
    dnf update openldap --releasever 2023.1.20230628

New Packages:
aarch64:
    openldap-clients-debuginfo-2.4.57-6.amzn2023.0.5.aarch64
    openldap-debuginfo-2.4.57-6.amzn2023.0.5.aarch64
    openldap-compat-debuginfo-2.4.57-6.amzn2023.0.5.aarch64
    openldap-2.4.57-6.amzn2023.0.5.aarch64
    openldap-compat-2.4.57-6.amzn2023.0.5.aarch64
    openldap-clients-2.4.57-6.amzn2023.0.5.aarch64
    openldap-servers-debuginfo-2.4.57-6.amzn2023.0.5.aarch64
    openldap-devel-2.4.57-6.amzn2023.0.5.aarch64
    openldap-servers-2.4.57-6.amzn2023.0.5.aarch64
    openldap-debugsource-2.4.57-6.amzn2023.0.5.aarch64

src:
    openldap-2.4.57-6.amzn2023.0.5.src

x86_64:
    openldap-clients-debuginfo-2.4.57-6.amzn2023.0.5.x86_64
    openldap-servers-debuginfo-2.4.57-6.amzn2023.0.5.x86_64
    openldap-compat-2.4.57-6.amzn2023.0.5.x86_64
    openldap-debuginfo-2.4.57-6.amzn2023.0.5.x86_64
    openldap-compat-debuginfo-2.4.57-6.amzn2023.0.5.x86_64
    openldap-2.4.57-6.amzn2023.0.5.x86_64
    openldap-clients-2.4.57-6.amzn2023.0.5.x86_64
    openldap-devel-2.4.57-6.amzn2023.0.5.x86_64
    openldap-servers-2.4.57-6.amzn2023.0.5.x86_64
    openldap-debugsource-2.4.57-6.amzn2023.0.5.x86_64