Advisories ยป MGASA-2018-0033

Updated openldap packages fix security vulnerability

Publication date: 03 Jan 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9287


A double-free flaw was found in the way OpenLDAP's slapd server using the
MDB backend handled LDAP searches. A remote attacker with access to search
the directory could potentially use this flaw to crash slapd by issuing a
specially crafted LDAP search query (CVE-2017-9287).

The openldap package has been updated to version 2.4.45 to fix this issue
and other bugs.