SUSE-SU-2015:0887-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0887-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2015:0887-1
- Related
- Published
- 2015-04-13T12:35:26Z
- Modified
- 2015-04-13T12:35:26Z
- Summary
- Security update for openldap2
- Details
-
openldap2 was updated to fix three security issues and one non-security bug.
The following vulnerabilities were fixed:
* A remote attacker could cause a denial of service (slapd crash) by unbinding immediately after a search request. (bnc#846389, CVE-2013-4449) * A remote attacker could cause a denial of service through a NULL pointer dereference and crash via an empty attribute list in a deref control in a search request. (bnc#916897, CVE-2015-1545) * A remote attacker could cause a denial of service (crash) via a crafted search query with a matched values control. (bnc#916914, CVE-2015-1546)The following non-security bug was fixed:
* Prevent connection-0 (internal connection) from showing up in the monitor back-end. (bnc#905959)Security Issues:
* CVE-2015-1546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546> * CVE-2015-1545 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545> * CVE-2013-4449 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449> - References
-
- https://www.suse.com/support/update/announcement/2015/suse-su-20150887-1/
- https://bugzilla.suse.com/846389
- https://bugzilla.suse.com/905959
- https://bugzilla.suse.com/916897
- https://bugzilla.suse.com/916914
- https://www.suse.com/security/cve/CVE-2013-4449
- https://www.suse.com/security/cve/CVE-2015-1545
- https://www.suse.com/security/cve/CVE-2015-1546