Explore top 10 tips to secure your open-source projects now. Read More
×
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed
certain Basic Encoding Rules (BER) data. A remote attacker could use this
flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)
All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
https://access.redhat.com/security/cve/CVE-2015-6908 https://access.redhat.com/security/updates/classification#important
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
openldap-2.3.43-29.el5_11.src.rpm
i386:
compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm
openldap-2.3.43-29.el5_11.i386.rpm
openldap-clients-2.3.43-29.el5_11.i386.rpm
openldap-debuginfo-2.3.43-29.el5_11.i386.rpm
x86_64:
compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm
compat-openldap-2.3.43_2.2.29-29.el5_11.x86_64.rpm
openldap-2.3.43-29.el5_11.i386.rpm
openldap-2.3.43-29.el5_11.x86_64.rpm
openldap-clients-2.3.43-29.el5_11.x86_64.rpm
openldap-debuginfo-2.3.43-29.el5_11.i386.rpm
openldap-debuginfo-2.3.43-29.el5_11.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
openldap-2.3.43-29.el5_11.src.rpm
i386:
openldap-debuginfo-2.3.43-29.el5_11.i386.rpm
openldap-devel-2.3.43-29.el5_11.i386.rpm
openldap-servers-2.3.43-29.el5_11.i386.rpm
openldap-servers-overlays-2.3.43-29.el5_11.i386.rpm
openldap-servers-sql-2.3.43-29.el5_11.i386.rpm
x86_64:
openldap-debuginfo-2.3.43-29.el5_11.i386.rpm
openldap-debuginfo-2.3.43-29.el5_11.x86_64.rpm
openldap-devel-2.3.43-29.el5_11.i386.rpm
openldap-devel-2.3.43-29.el5_11.x86_64.rpm
openldap-servers-2.3.43-29.el5_11.x86_64.rpm
openldap-servers-overlays-2.3.43-29.el5_11.x86_64.rpm
openldap-servers-sql-2.3.43-29.el5_11.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
Read the Full Advisory
Updated openldap packages that fix one security issue are now available forRed Hat Enterprise Linux 5, 6, and 7.Red Hat Product Security has rated this update as having Important securityimpact. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available from the CVE link in theReferences section.
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
1262393 - CVE-2015-6908 openldap: ber_get_next denial of service vulnerability
Get the latest Linux and open source security news straight to your inbox.