Advisories » MGASA-2015-0143

Updated openldap packages fix CVE-2015-1545

Publication date: 09 Apr 2015
Modification date: 09 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1545

Description

Updated openldap packages fix security vulnerability:

The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL pointer
when a search request includes the Deref control with an empty list of
attributes to return (missing input validation). This allows a remote
unauthenticated client to crash the LDAP server (CVE-2015-1545).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15232
• http://openwall.com/lists/oss-security/2015/02/07/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545

SRPMS

4/core

• openldap-2.4.38-1.3.mga4