Univention Bugzilla – Bug 44731
openldap: Denial of service (4.2)
Last modified: 2017-06-28 18:00:20 CEST
Attached is a patch for ITS 8655:

* servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. (CVE-2017-9287)

Created attachment 8896: ITS-8655-paged-results-double-free.patch
Advisory: openldap.yaml
Tests: OK
Advisory: OK
Please fix the test case if it's caused by this update: http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/13/SambaVersion=s4,Systemrolle=master/testReport/84_crypto/01_openssl_protocol_versions/test/
<http://errata.software-univention.de/ucs/4.2/60.html>
> Please fix the test case if it's caused by this update: http://jenkins.knut.univention.de:8080/job/UCS-4.2/job/UCS-4.2-1/job/AutotestJoin/13/SambaVersion=s4,Systemrolle=master/testReport/84_crypto/01_openssl_protocol_versions/test/

That's openssl