CVE-2015-6908
Published: 11 September 2015
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
Priority
Status
Package | Release | Status |
---|---|---|
openldap (Launchpad, Ubuntu, Debian) | precise | Released (2.4.28-1.1ubuntu4.6) |
 | trusty | Released (2.4.31-1+nmu2ubuntu8.2) |
 | upstream | Released (2.4.42+dfsg-2) |
 | vivid | Released (2.4.31-1+nmu2ubuntu12.3) |

Patches: upstream: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629