Security update for openldap2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1325-1 Final 1 1 2015-07-23T14:59:19Z current 2015-07-23T14:59:19Z 2015-07-23T14:59:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openldap2 OpenLDAP was updated to fix two security issues and one bug. The following vulnerabilities were fixed: * CVE-2015-1546: slapd crash in valueReturnFilter cleanup (bnc#916914) * CVE-2015-1545: slapd crashes on search with deref control and empty attr list (bnc#916897) The following non-security bug was fixed: * boo#905959: Prevent connection-0 (internal connection) from show up in the monitor backend The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html E-Mail link for openSUSE-SU-2015:1325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libldap-2_4-2-2.4.33-8.3.1 libldap-2_4-2-32bit-2.4.33-8.3.1 openldap2-2.4.33-8.3.1 openldap2-back-meta-2.4.33-8.3.1 openldap2-back-perl-2.4.33-8.3.1 openldap2-back-sql-2.4.33-8.3.1 openldap2-client-2.4.33-8.3.1 openldap2-devel-2.4.33-8.3.1 openldap2-devel-32bit-2.4.33-8.3.1 openldap2-devel-static-2.4.33-8.3.1 openldap2-doc-2.4.33-8.3.1 The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. CVE-2015-1545 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html https://www.suse.com/security/cve/CVE-2015-1545.html CVE-2015-1545 https://bugzilla.suse.com/846389 SUSE Bug 846389 https://bugzilla.suse.com/905959 SUSE Bug 905959 https://bugzilla.suse.com/916897 SUSE Bug 916897 https://bugzilla.suse.com/916914 SUSE Bug 916914 Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. CVE-2015-1546 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00069.html https://www.suse.com/security/cve/CVE-2015-1546.html CVE-2015-1546 https://bugzilla.suse.com/916914 SUSE Bug 916914