Описание
Security update for openldap2
This update fixes the following security issue:
- CVE-2015-6908. Passing a crafted packet to the function ber_get_next(), an attacker may cause a remote denial of service, crashing the OpenLDAP server (bsc#945582).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Desktop 11 SP4
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Server 11 SP3
compat-libldap-2_3-0-2.3.37-2.62.2
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
libldap-2_4-2-x86-2.4.26-0.62.2
openldap2-2.4.26-0.62.2
openldap2-back-meta-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
compat-libldap-2_3-0-2.3.37-2.62.2
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
libldap-2_4-2-x86-2.4.26-0.62.2
openldap2-2.4.26-0.62.2
openldap2-back-meta-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Server 11 SP4
compat-libldap-2_3-0-2.3.37-2.62.2
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
libldap-2_4-2-x86-2.4.26-0.62.2
openldap2-2.4.26-0.62.2
openldap2-back-meta-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Server 11-SECURITY
libldap-openssl1-2_4-2-2.4.26-0.62.3
libldap-openssl1-2_4-2-32bit-2.4.26-0.62.3
libldap-openssl1-2_4-2-x86-2.4.26-0.62.3
SUSE Linux Enterprise Server for SAP Applications 11 SP3
compat-libldap-2_3-0-2.3.37-2.62.2
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
libldap-2_4-2-x86-2.4.26-0.62.2
openldap2-2.4.26-0.62.2
openldap2-back-meta-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
compat-libldap-2_3-0-2.3.37-2.62.2
libldap-2_4-2-2.4.26-0.62.2
libldap-2_4-2-32bit-2.4.26-0.62.2
libldap-2_4-2-x86-2.4.26-0.62.2
openldap2-2.4.26-0.62.2
openldap2-back-meta-2.4.26-0.62.2
openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Software Development Kit 11 SP3
openldap2-2.4.26-0.62.2
openldap2-back-perl-2.4.26-0.62.2
openldap2-devel-2.4.26-0.62.2
openldap2-devel-32bit-2.4.26-0.62.2
SUSE Linux Enterprise Software Development Kit 11 SP4
openldap2-2.4.26-0.62.2
openldap2-back-perl-2.4.26-0.62.2
openldap2-devel-2.4.26-0.62.2
openldap2-devel-32bit-2.4.26-0.62.2
Ссылки
- Link for SUSE-SU-2016:0090-1
- E-Mail link for SUSE-SU-2016:0090-1
- SUSE Security Ratings
- SUSE Bug 945582
- SUSE CVE CVE-2015-6908 page
Описание
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-2.4.26-0.62.2
SUSE Linux Enterprise Desktop 11 SP3:libldap-2_4-2-32bit-2.4.26-0.62.2
SUSE Linux Enterprise Desktop 11 SP3:openldap2-client-2.4.26-0.62.2
SUSE Linux Enterprise Desktop 11 SP4:libldap-2_4-2-2.4.26-0.62.2
Ссылки
- CVE-2015-6908
- SUSE Bug 945582