Advisories ยป MGASA-2015-0374

Updated openldap package fixes security vulnerability

Publication date: 15 Sep 2015
Modification date: 15 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-6908

Description

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to
crash with a SIGABRT. This is due to an assert() call in the
ber_get_next() method in a/libraries/liblber/io.c that is hit when
decoding tampered BER data (CVE-2015-6908)
                

References

SRPMS

5/core

4/core