Advisories » MGASA-2015-0374

Updated openldap package fixes security vulnerability

Publication date: 15 Sep 2015
Modification date: 15 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-6908

Description

By sending a crafted packet, an attacker can cause the OpenLDAP daemon to
crash with a SIGABRT. This is due to an assert() call in the
ber_get_next() method in a/libraries/liblber/io.c that is hit when
decoding tampered BER data (CVE-2015-6908)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16740
• http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
• http://openwall.com/lists/oss-security/2015/09/11/5
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908

SRPMS

4/core

• openldap-2.4.38-1.5.mga4

5/core

• openldap-2.4.40-3.1.mga5