Debian Security Advisory
DLA-972-1 openldap -- LTS security update
- Date Reported:
- 01 Jun 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-9287.
- More information:
It was discovered that there was a double-free vulnerability in the
A user with access to search the directory could crash slapd by issuing a search requesting a
Paged Resultsvalue set to zero.
For Debian 7
Wheezy, this issue has been fixed in openldap version 2.4.31-2+deb7u3.
We recommend that you upgrade your openldap packages.