[SECURITY] [DLA 972-1] openldap security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 972-1] openldap security update
From: Chris Lamb <lamby@debian.org>
Date: Thu, 01 Jun 2017 22:55:25 +0100
Message-id: <[🔎] 1496354125.1535794.995955808.7F1BAE12@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : openldap
Version        : 2.4.31-2+deb7u3
CVE ID         : CVE-2017-9287
Debian Bug     : #863563

It was discovered that there was a double-free vulnerability in the
"openldap" LDAP server.

A user with access to search the directory could crash slapd by issuing
a search requesting a "Paged Results" value set to zero.

For Debian 7 "Wheezy", this issue has been fixed in openldap version
2.4.31-2+deb7u3.

We recommend that you upgrade your openldap packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkwjTgACgkQHpU+J9Qx
HliIKA/8DiVFLvuMbbX8mqQLARE/x3Q4wNdWjo6sHP9dv237l/6GbWYarNjuFGwi
cKxtkmorC6F98MhVoAY4y72MdJyoXfrG0KDgg+Ek5u/v4TCtc5RU2fQMBH8xigh5
byn0gg1jF5geXR2iBuqRlnF7UGvBYSrnnSZwMNRf17xTfUO3vM/V6e7+u2g0eIbu
EFfdbghQiTZKlljRQ+ep+kTVJK+RSwWKzXqluyDGoRa8gCQ8o2tv+KLlgw56G/FA
qqAHqzcccWEEXZy695pIBFgKjjQB5EmFhHUsMs8HsvEh8zplLl2ko1Ti/zTKXWsl
PgebyK9qLxPo6L0cePxRtZwSy0nEUbz3MSri4qHKL8Q8+Pbx8bex1es+aFOpvAAU
bZhsnlk+yHH0A4rmLYveKnfy2I7ULb4R7GAPKTkcndVEIKn/HPwRxkPF1Zgv6CA5
x37beAUBOkNsfZnVwbouP0htlUupsF4IyN0R6c+qIeEk05SIgAMvzu8uRC+HqKwb
z5YScF4bx06Aso9zOdVaJxyvGTjlLFY4olCElJ22rzOqz/GyMXio7NcM3nul28ZY
b8PRSNX2bQsr2ki+r35B82HZGvbTcXuwsdufJeazUVBZfwe97qig+UyK/Eppm8T8
h/MGa4BY+qxNWI3Ue+CqlND0I+/BfFTgcmRrREwj/paiQhJwSUY=
=SAxW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 974-1] picocom security update
Next by Date: [SECURITY] [DLA 975-1] wordpress security update
Previous by thread: [SECURITY] [DLA 974-1] picocom security update
Next by thread: [SECURITY] [DLA 975-1] wordpress security update
Index(es):
- Date
- Thread