Branch p7 update bulletin.

Package openldap updated to version 2.4.42-alt0.M70P.1 for branch p7 in task 150615.

Published: 2014-02-03

BDU:2015-07058

Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07060

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07061

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07062

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07064

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07066

Severity: MEDIUM (4.3)

References:

Published: 2014-02-03

BDU:2015-07068

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09060

Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09061

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09062

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09063

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09064

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09065

Severity: MEDIUM (4.3)

References:

Published: 2014-02-04

BDU:2015-09066

Severity: MEDIUM (4.3)

References:

Published: 2014-02-05
Modified: 2024-11-21

CVE-2013-4449

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.

Severity: MEDIUM (4.3)

References:

Published: 2015-04-01
Modified: 2024-11-21

CVE-2014-9713

The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

Severity: MEDIUM (4.0)

References:

Published: 2015-02-12
Modified: 2024-11-21

CVE-2015-1545

The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.

Severity: MEDIUM (5.0)

References:

Published: 2015-09-11
Modified: 2024-11-21

CVE-2015-6908

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Severity: MEDIUM (5.0)

References:

Надо обновить или пересобрать.

Version: 2.1.0

Branch p7 update on 2015-10-03

ALT-BU-2015-2670-1

ALT-PU-2015-1822-1

Closed vulnerabilities

BDU:2015-07058

BDU:2015-07060

BDU:2015-07061

BDU:2015-07062

BDU:2015-07064

BDU:2015-07066

BDU:2015-07068

BDU:2015-09060

BDU:2015-09061

BDU:2015-09062

BDU:2015-09063

BDU:2015-09064

BDU:2015-09065

BDU:2015-09066

CVE-2013-4449

CVE-2014-9713

CVE-2015-1545

CVE-2015-6908

Closed bugs

Bug #29485