Описание
Security update for openldap2
This update for openldap2 fixes the following issues:
- Let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (boo#1009470).
- Fix CVE-2017-9287: openldap2: Double free vulnerability with patch (boo#1041764)
- Fix an uninitialized variable that causes startup failure (boo#1037396)
- Fix a regression in handling of non-blocking connection with (boo#1031702)
Список пакетов
openSUSE Leap 42.3
libldap-2_4-2-2.4.44-18.1
libldap-2_4-2-32bit-2.4.44-18.1
libldap-data-2.4.44-18.1
openldap2-2.4.44-18.1
openldap2-back-meta-2.4.44-18.1
openldap2-back-perl-2.4.44-18.1
openldap2-back-sock-2.4.44-18.1
openldap2-back-sql-2.4.44-18.1
openldap2-client-2.4.44-18.1
openldap2-contrib-2.4.44-18.1
openldap2-devel-2.4.44-18.1
openldap2-devel-32bit-2.4.44-18.1
openldap2-devel-static-2.4.44-18.1
openldap2-doc-2.4.44-18.1
openldap2-ppolicy-check-password-1.2-18.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2181-1
- SUSE Security Ratings
Описание
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Затронутые продукты
openSUSE Leap 42.3:libldap-2_4-2-2.4.44-18.1
openSUSE Leap 42.3:libldap-2_4-2-32bit-2.4.44-18.1
openSUSE Leap 42.3:libldap-data-2.4.44-18.1
openSUSE Leap 42.3:openldap2-2.4.44-18.1
Ссылки
- CVE-2017-9287
- SUSE Bug 1041764