Описание
Security update for openldap2
openldap2 was updated to fix two security issues and one non-security bug.
The following vulnerabilities were fixed:
- A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897 CVE-2015-1545)
- A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914 CVE-2015-1546)
The following non-security issue was fixed:
- Prevent connection-0 (internal connection) from showing up in the monitor backend (bnc#905959)
Список пакетов
SUSE Linux Enterprise Desktop 12
libldap-2_4-2-2.4.39-16.1
libldap-2_4-2-32bit-2.4.39-16.1
openldap2-client-2.4.39-16.1
SUSE Linux Enterprise Module for Legacy 12
compat-libldap-2_3-0-2.3.37-16.1
SUSE Linux Enterprise Server 12
libldap-2_4-2-2.4.39-16.1
libldap-2_4-2-32bit-2.4.39-16.1
openldap2-2.4.39-16.1
openldap2-back-meta-2.4.39-16.1
openldap2-client-2.4.39-16.1
SUSE Linux Enterprise Server for SAP Applications 12
compat-libldap-2_3-0-2.3.37-16.1
libldap-2_4-2-2.4.39-16.1
libldap-2_4-2-32bit-2.4.39-16.1
openldap2-2.4.39-16.1
openldap2-back-meta-2.4.39-16.1
openldap2-client-2.4.39-16.1
SUSE Linux Enterprise Software Development Kit 12
openldap2-back-perl-2.4.39-16.1
openldap2-devel-2.4.39-16.1
openldap2-devel-static-2.4.39-16.1
Ссылки
- Link for SUSE-SU-2015:1077-1
- E-Mail link for SUSE-SU-2015:1077-1
- SUSE Security Ratings
- SUSE Bug 905959
- SUSE Bug 916897
- SUSE Bug 916914
- SUSE CVE CVE-2015-1545 page
- SUSE CVE CVE-2015-1546 page
Описание
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libldap-2_4-2-2.4.39-16.1
SUSE Linux Enterprise Desktop 12:libldap-2_4-2-32bit-2.4.39-16.1
SUSE Linux Enterprise Desktop 12:openldap2-client-2.4.39-16.1
SUSE Linux Enterprise Module for Legacy 12:compat-libldap-2_3-0-2.3.37-16.1
Ссылки
- CVE-2015-1545
- SUSE Bug 846389
- SUSE Bug 916897
- SUSE Bug 916914
Описание
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libldap-2_4-2-2.4.39-16.1
SUSE Linux Enterprise Desktop 12:libldap-2_4-2-32bit-2.4.39-16.1
SUSE Linux Enterprise Desktop 12:openldap2-client-2.4.39-16.1
SUSE Linux Enterprise Module for Legacy 12:compat-libldap-2_3-0-2.3.37-16.1
Ссылки
- CVE-2015-1546
- SUSE Bug 916914