SUSE-SU-2015:0887-1

Published: 13 Apr 2015
Source: suse-cvrf

Description

Security update for openldap2

openldap2 was updated to fix three security issues and one non-security bug.

The following vulnerabilities were fixed:

* A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449)
* A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545)
* A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546)

The following non-security bug was fixed:

* Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959)

Security Issues:

* CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546>
* CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545>
* CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449>

Package list

SUSE Linux Enterprise Desktop 11 SP3
libldap-2_4-2-2.4.26-0.30.1
libldap-2_4-2-32bit-2.4.26-0.30.1
openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11 SP3
compat-libldap-2_3-0-2.3.37-2.30.1
libldap-2_4-2-2.4.26-0.30.1
libldap-2_4-2-32bit-2.4.26-0.30.1
libldap-2_4-2-x86-2.4.26-0.30.1
openldap2-2.4.26-0.30.1
openldap2-back-meta-2.4.26-0.30.1
openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
compat-libldap-2_3-0-2.3.37-2.30.1
libldap-2_4-2-2.4.26-0.30.1
libldap-2_4-2-32bit-2.4.26-0.30.1
libldap-2_4-2-x86-2.4.26-0.30.1
openldap2-2.4.26-0.30.1
openldap2-back-meta-2.4.26-0.30.1
openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11-SECURITY
libldap-openssl1-2_4-2-2.4.26-0.30.2
libldap-openssl1-2_4-2-32bit-2.4.26-0.30.2
libldap-openssl1-2_4-2-x86-2.4.26-0.30.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
compat-libldap-2_3-0-2.3.37-2.30.1
libldap-2_4-2-2.4.26-0.30.1
libldap-2_4-2-32bit-2.4.26-0.30.1
libldap-2_4-2-x86-2.4.26-0.30.1
openldap2-2.4.26-0.30.1
openldap2-back-meta-2.4.26-0.30.1
openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Software Development Kit 11 SP3
openldap2-2.4.26-0.30.1
openldap2-back-perl-2.4.26-0.30.1
openldap2-devel-2.4.26-0.30.1
openldap2-devel-32bit-2.4.26-0.30.1

Description

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:compat-libldap-2_3-0-2.3.37-2.30.1

Description

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:compat-libldap-2_3-0-2.3.37-2.30.1

Description

Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-32bit-2.4.26-0.30.1
SUSE Linux Enterprise Desktop 11 SP3:openldap2-client-2.4.26-0.30.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:compat-libldap-2_3-0-2.3.37-2.30.1
