Multiple vulnerabilities has been discovered and corrected in openldap:

The deref_parseCtrl function in servers/slapd/overlays/deref.c in
OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
denial of service (NULL pointer dereference and crash) via an empty
attribute list in a deref control in a search request (CVE-2015-1545).

Double free vulnerability in the get_vrFilter function in
servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to
cause a denial of service (crash) via a crafted search query with a
matched values control (CVE-2015-1546).

The updated packages provides a solution for these security issues.