Bugzilla – Bug 916897
VUL-0: CVE-2015-1545: openldap2: slapd crashes on search with deref control and empty attr list
Last modified: 2017-06-07 10:02:23 UTC
rh#1190643
With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.
References:
  http://www.openldap.org/its/?findid=8027
  http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
  https://bugzilla.redhat.com/show_bug.cgi?id=1190643
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
  http://seclists.org/oss-sec/2015/q1/452
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-02-26. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/60662
A bug fix has been submitted to SP3:Update, awaiting review.
SUSE-SU-2015:0887-1: An update that solves three vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 846389,905959,916897,916914
CVE References: CVE-2013-4449,CVE-2015-1545,CVE-2015-1546
Sources used:
  SUSE Linux Enterprise Software Development Kit 11 SP3 (src): openldap2-2.4.26-0.30.1, openldap2-client-2.4.26-0.30.1
  SUSE Linux Enterprise Server 11 SP3 for VMware (src): openldap2-2.4.26-0.30.1, openldap2-client-2.4.26-0.30.1
  SUSE Linux Enterprise Server 11 SP3 (src): openldap2-2.4.26-0.30.1, openldap2-client-2.4.26-0.30.1
  SUSE Linux Enterprise Security Module 11 SP3 (src): openldap2-client-openssl1-2.4.26-0.30.2
  SUSE Linux Enterprise Desktop 11 SP3 (src): openldap2-client-2.4.26-0.30.1
SUSE-SU-2015:1077-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 905959,916897,916914
CVE References: CVE-2015-1545,CVE-2015-1546
Sources used:
  SUSE Linux Enterprise Software Development Kit 12 (src): openldap2-2.4.39-15.1, openldap2-2.4.39-16.1, openldap2-client-2.4.39-15.1, openldap2-client-2.4.39-16.1
  SUSE Linux Enterprise Server 12 (src): openldap2-2.4.39-15.1, openldap2-2.4.39-16.1, openldap2-client-2.4.39-15.1, openldap2-client-2.4.39-16.1
  SUSE Linux Enterprise Module for Legacy Software 12 (src): openldap2-2.4.39-15.1, openldap2-2.4.39-16.1
  SUSE Linux Enterprise Desktop 12 (src): openldap2-client-2.4.39-16.1
  12 (src): openldap2-2.4.39-16.1
This is an autogenerated message for OBS integration: This bug (916897) was mentioned in https://build.opensuse.org/request/show/315869 13.2 / openldap2
Review open for 10 days, please review: https://build.opensuse.org/request/show/315869
Maintenance request in review for 13 days, can you please review: https://build.opensuse.org/request/show/315869
I believe Viktor did not submit this to the devel project. Can you please ensure the SLE patches are brought into Factory?
This is an autogenerated message for OBS integration: This bug (916897) was mentioned in https://build.opensuse.org/request/show/318094 13.1 / openldap2
openSUSE-SU-2015:1325-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 905959,916897,916914
CVE References: CVE-2015-1545,CVE-2015-1546
Sources used:
  openSUSE 13.2 (src): openldap2-2.4.39-8.5.1, openldap2-client-2.4.39-8.5.1
  openSUSE 13.1 (src): openldap2-2.4.33-8.3.1, openldap2-client-2.4.33-8.3.1
Done, I think.
This is an autogenerated message for OBS integration: This bug (916897) was mentioned in https://build.opensuse.org/request/show/501412 Factory / openldap2
This is an autogenerated message for OBS integration: This bug (916897) was mentioned in https://build.opensuse.org/request/show/501631 Factory / openldap2