[ MDVSA-2015:073 ] openldap

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:073
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openldap
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in openldap:
 
 The deref_parseCtrl function in servers/slapd/overlays/deref.c in
 OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a
 denial of service (NULL pointer dereference and crash) via an empty
 attribute list in a deref control in a search request (CVE-2015-1545).
 
 Double free vulnerability in the get_vrFilter function in
 servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to
 cause a denial of service (crash) via a crafted searc

Leave a Reply