Univention Bugzilla – Bug 37729
openldap: Denial of service (4.0)
Last modified: 2018-04-09 12:27:59 CEST
If the slapo-deref overlay is used (which is not the case in a standard UCS installation) and if the list of attributes to be dereferenced is left empty, slapd can be crashed (CVE-2015-1545).
UCS 4.0 is affected by an additional denial of service issue, which affects the standard UCS configuration (CVE-2015-1546).
Patches for these issues have been applied. I can no longer reproduce the slapd crash of CVE-2015-1546 with the updated package.
YAML file: 2015-02-09-openldap.yaml
Tests: OK
Advisory: OK
http://errata.univention.de/ucs/4.0/82.html