SUSE-SU-2015:0887-1

Source
https://www.suse.com/support/update/announcement/2015/suse-su-20150887-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:0887-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:0887-1
Related
Published
2015-04-13T12:35:26Z
Modified
2015-04-13T12:35:26Z
Summary
Security update for openldap2
Details

openldap2 was updated to fix three security issues and one non-security bug.

The following vulnerabilities were fixed:

* A remote attacker could cause a denial of service (slapd crash) by
  unbinding immediately after a search request. (bnc#846389,
  CVE-2013-4449)
* A remote attacker could cause a denial of service through a NULL
  pointer dereference and crash via an empty attribute list in a deref
  control in a search request. (bnc#916897, CVE-2015-1545)
* A remote attacker could cause a denial of service (crash) via a
  crafted search query with a matched values control. (bnc#916914,
  CVE-2015-1546)

The following non-security bug was fixed:

* Prevent connection-0 (internal connection) from showing up in the
  monitor back-end. (bnc#905959)

Security Issues:

* CVE-2015-1546
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1546>
* CVE-2015-1545
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1545>
* CVE-2013-4449
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449>
References

Affected packages