Oval Definition:oval:org.opensuse.security:def:80093
Revision Date:2015-04-13Version:1
Title:Security update for openldap2
Description:



openldap2 was updated to fix three security issues and one non-security bug.

The following vulnerabilities were fixed:

* A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546)

The following non-security bug was fixed:

* Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959)

Security Issues:

* CVE-2015-1546 * CVE-2015-1545 * CVE-2013-4449

Family:unixClass:patch
Status:Reference(s):846389
905959
916897
916914
CVE-2013-4449
CVE-2015-1545
CVE-2015-1546
SUSE-SU-2015:0887-1
Platform(s):SUSE Linux Enterprise Desktop 11 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • libldap-2_4-2-2.4.26-0.30.1 is installed
  • OR libldap-2_4-2-32bit-2.4.26-0.30.1 is installed
  • OR openldap2-client-2.4.26-0.30.1 is installed
    • BACK