Debian Security Advisory

DLA-972-1 openldap -- LTS security update

Date Reported:
01 Jun 2017
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2017-9287.
More information:

It was discovered that there was a double-free vulnerability in the openldap LDAP server.

A user with access to search the directory could crash slapd by issuing a search requesting a Paged Results value set to zero.

For Debian 7 Wheezy, this issue has been fixed in openldap version 2.4.31-2+deb7u3.

We recommend that you upgrade your openldap packages.