Univention Bugzilla – Bug 39340
openldap: Denial of service (4.0)
Last modified: 2015-09-23 17:13:05 CEST
Another issue now fixed in 2.4.31-2+deb7u1:
* Denial of service by unauthenticated remote attackers (reachable assertion and application crash) via crafted BER data (CVE-2015-6908)
The openldap package has been rebuilt in scope errata4.0-3 with the extracted Debian patch 96_ITS8240-remove-obsolete-assert.patch
Advisory: 2015-09-11-openldap.yaml
Note: currently we still support 4.0-2, the advisory has been updated accordingly.
OK - slapd (2.4.40-1.202.201509141730) with 96_ITS8240-remove-obsolete-assert in errata4.0-3
OK - YAML
<http://errata.software-univention.de/ucs/4.0/324.html>