Security update for openldap2_5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0256-1 Final 1 1 2026-01-22T16:08:55Z current 2026-01-22T16:08:55Z 2026-01-22T16:08:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openldap2_5 This update for openldap2_5 fixes the following issues: Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: - Update to version 2.5.20+11: * ITS#10421 mdb_load: check for malicious input The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-256,SUSE-SLE-Module-Basesystem-15-SP7-2026-256,SUSE-SLE-Module-Server-Applications-15-SP7-2026-256,openSUSE-SLE-15.6-2026-256 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260256-1/ Link for SUSE-SU-2026:0256-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023892.html E-Mail link for SUSE-SU-2026:0256-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256297 SUSE Bug 1256297 https://www.suse.com/security/cve/CVE-2026-22185/ SUSE CVE CVE-2026-22185 page SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Server Applications 15 SP7 openSUSE Leap 15.6 libldap-2_5-0-2.5.20+11-150500.11.38.1 openldap2_5-2.5.20+11-150500.11.38.1 openldap2_5-client-2.5.20+11-150500.11.38.1 openldap2_5-contrib-2.5.20+11-150500.11.38.1 openldap2_5-devel-2.5.20+11-150500.11.38.1 openldap2_5-doc-2.5.20+11-150500.11.38.1 openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 libldap-2_5-0-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 openldap2_5-client-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 openldap2_5-devel-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 openldap2_5-doc-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 openldap2_5-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 openldap2_5-contrib-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libldap-2_5-0-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-client-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-contrib-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-devel-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-doc-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 as a component of openSUSE Leap 15.6 OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition. CVE-2026-22185 SUSE Linux Enterprise Module for Basesystem 15 SP7:libldap-2_5-0-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-client-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-devel-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:openldap2_5-doc-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:openldap2_5-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:openldap2_5-contrib-2.5.20+11-150500.11.38.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:libldap-2_5-0-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-client-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-contrib-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-devel-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-doc-2.5.20+11-150500.11.38.1 openSUSE Leap 15.6:openldap2_5-ppolicy-check-password-2.5.20+11-150500.11.38.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260256-1/ https://www.suse.com/security/cve/CVE-2026-22185.html CVE-2026-22185 https://bugzilla.suse.com/1256297 SUSE Bug 1256297