Debian Security Advisory

DLA-972-1 openldap -- LTS security update

Date Reported: 01 Jun 2017
Affected Packages: openldap
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-9287.
More information:

It was discovered that there was a double-free vulnerability in the openldap LDAP server.

A user with access to search the directory could crash slapd by issuing a search that requests Paged Results with the page size set to zero.

For Debian 7 Wheezy, this issue has been fixed in openldap version 2.4.31-2+deb7u3.

We recommend that you upgrade your openldap packages.
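
To confirm which Wheezy hosts still run a slapd older than the fixed version, an inventory export can be checked with Debian's version ordering. The script below is an added example, not part of the advisory or of Debian's tooling. The `host package version` inventory format, the sample rows, the function names and the choice to audit only the `slapd` binary package are assumptions.

```python
import re
from itertools import zip_longest

# Fixed version for Debian 7 Wheezy, taken from the advisory text.
FIXED = "2.4.31-2+deb7u3"
# Assumption: audit only slapd, the binary package that ships the server.
PACKAGES = {"slapd"}

def _order(ch):
    # dpkg order: '~' sorts before end of string (0), letters before the rest.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does.
    pa, pb = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (na, da), (nb, db) in zip_longest(pa, pb, fillvalue=("", "")):
        ka = [_order(c) for c in na] + [0] * (len(nb) - len(na))
        kb = [_order(c) for c in nb] + [0] * (len(na) - len(nb))
        key_a, key_b = (ka, int(da or 0)), (kb, int(db or 0))
        if key_a != key_b:
            return -1 if key_a < key_b else 1
    return 0

def _split(v):
    # Version layout: [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    # inventory: one "host package version" row per line, Wheezy hosts only.
    rows = (line.split() for line in inventory.strip().splitlines())
    return [(h, v) for h, p, v in rows if p in PACKAGES and deb_cmp(v, FIXED) < 0]

# Constructed sample inventory (hypothetical hosts).
SAMPLE = """
ldap01 slapd 2.4.31-2+deb7u2
ldap02 slapd 2.4.31-2+deb7u3
ldap03 slapd 2.4.31-2
ldap04 ldap-utils 2.4.31-2+deb7u2
"""
```

`unpatched(SAMPLE)` lists the hosts whose slapd sorts below the fixed version. On a Debian host itself, `dpkg --compare-versions` performs the same comparison.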