[ MDVSA-2015:074 ] openldap

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:074
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openldap
 Date    : March 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in openldap:
 
 The deref_parseCtrl function in servers/slapd/overlays/deref.c in
 OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
 denial of service (NULL pointer dereference and crash) via an empty
 attribute list in a deref control in a search request (CVE-2015-1545).
 
 The updated packages provides a solution for these security issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvena

Leave a Reply