drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in OpenLDAP
Name: |
Denial of Service in OpenLDAP |
|
ID: |
DSA-3356-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie |
|
Datum: |
Sa, 12. September 2015, 08:32 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908 |
|
Applikationen: |
OpenLDAP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3356-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso September 12, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : openldap CVE ID : CVE-2015-6908 Debian Bug : 798622
Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.
For the oldstable distribution (wheezy), this problem has been fixed in version 2.4.31-2+deb7u1.
For the stable distribution (jessie), this problem has been fixed in version 2.4.40+dfsg-1+deb8u1.
For the unstable distribution (sid), this problem has been fixed in version 2.4.42+dfsg-2.
We recommend that you upgrade your openldap packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJV87FJAAoJEAVMuPMTQ89EQg0P/3PLqJ6BGTe82TdHFblTXOo5 7Un/Wyn/vlpZmxvvyK2V0aUyaxHMxJF4epkkxYuw1aezkLTL0N4TJD340BKg07yL shEPGarzr8Uz09vtiXwGkVbdN9Vy3O+EnAsUeWri5msi7gvi16p7lWKRE+sFlJUB Tc4tMP4DtT60gTh+nhnEPPzqZ1fN8/Q2hjfMo4OypZJiMShRyA+/8a5BO9MtRFt5 MlM8j7N6WWujevvaQruYvZMlRhiX3y1Nj6Qs4tI1K516LwvWKxSB6E/i0DvRlXng AK3XcG63XpEk5Xvyn0r2IqQ2BPHguKpyZBknP0t6WZuVSDKBnDPWkyn6IFd5mIbi v7ASefpqdMeoyMbO9geLDnjA4QLwzf+D/FHHFaiS6RvRCecYQpQ+zFKaElAK80Af fnsc69cwkwP3QGgke0yZNwFAlGNjnYpZA/kbkuajWhvDJ7ORzcUCDeJl/aM8Ewd6 hONkpCBt9ZkEP2NXiO8nh2OUnxob6apFrdRizrXg0z+FWcjFLjWzzZDfQ61Bc9P3 kW0LpedsteYv+ALhLG/vmrXhNQu6vX/alPiIsyaKXvENb3VMxMqpweEhuvLRNpKl uTeKN+c1p+tT1jFfTe97UspRPnkmUqHuvBAPjifFr5ul7JSXzpo/gm3n1C3xXRuW JzjOveySpH1hwGsrmXSR =kj8y -----END PGP SIGNATURE-----
|
|
|
|