New Search

SUSE-SU-2015:1077-1 -- Security update for openldap2 (moderate)

oval:org.mitre.oval:def:29208

openldap2 was updated to fix two security issues and one non-security bug. The following vulnerabilities were fixed: * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897 CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914 CVE-2015-1546) The following non-security issue was fixed: * Prevent connection-0 (internal connection) from showing up in the monitor backend (bnc#905959)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Desktop 12
Class:
patch
Reference(s):
  • SUSE-SU-2015:1077-1
  • CVE-2015-1545
  • CVE-2015-1546
Product(s):
  • openldap2