Oval Definition:oval:com.redhat.rhsa:def:20171852
Revision Date:2017-08-01Version:638
Title:RHSA-2017:1852: openldap security, bug fix, and enhancement update (Moderate)
Description:OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

  • The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365)

    Security Fix(es):

  • A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287)

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2017-9287
    RHSA-2017:1852
    RHSA-2017:1852-01
    Platform(s):Red Hat Enterprise Linux 7
    Red Hat Enterprise Linux 7 (please do not use for >= RHEL-7.5)
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • openldap is earlier than 0:2.4.44-5.el7
  • AND openldap is signed with Red Hat redhatrelease2 key
  • openldap-clients is earlier than 0:2.4.44-5.el7
  • AND openldap-clients is signed with Red Hat redhatrelease2 key
  • openldap-devel is earlier than 0:2.4.44-5.el7
  • AND openldap-devel is signed with Red Hat redhatrelease2 key
  • openldap-servers is earlier than 0:2.4.44-5.el7
  • AND openldap-servers is signed with Red Hat redhatrelease2 key
  • openldap-servers-sql is earlier than 0:2.4.44-5.el7
  • AND openldap-servers-sql is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND Package Information
  • openldap-devel is earlier than 0:2.4.44-5.el7
  • AND openldap-devel is signed with Red Hat redhatrelease2 key
  • OR
  • openldap-servers-sql is earlier than 0:2.4.44-5.el7
  • AND openldap-servers-sql is signed with Red Hat redhatrelease2 key
  • OR
  • openldap-servers is earlier than 0:2.4.44-5.el7
  • AND openldap-servers is signed with Red Hat redhatrelease2 key
  • OR
  • openldap-clients is earlier than 0:2.4.44-5.el7
  • AND openldap-clients is signed with Red Hat redhatrelease2 key
  • OR
  • openldap is earlier than 0:2.4.44-5.el7
  • AND openldap is signed with Red Hat redhatrelease2 key
    • BACK