RHSA-2015:1840

Affecting openldap package, versions <0:2.4.39-7.el7_1

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications

Overview

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP. A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908) All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

CVE
RHSA-2015:1840
Snyk ID
SNYK-CENTOS7-OPENLDAP-304556
Published
27 Jun, 2018