Updated openldap packages fix security vulnerability
Publication date: 03 Jan 2018Modification date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9287
Description
A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query (CVE-2017-9287). The openldap package has been updated to version 2.4.45 to fix this issue and other bugs.
References
SRPMS
5/core
- openldap-2.4.45-1.mga5