Security update for openldap2
| Announcement ID: | SUSE-SU-2015:1077-1 |
| Rating: | moderate |
| References: | #905959 #916897 #916914 |
| Affected Products: |
An update that solves two vulnerabilities and has one errata is now available.
Description:
openldap2 was updated to fix two security issues and one non-security bug.
The following vulnerabilities were fixed:
* A remote attacker could cause a denial of service through a NULL pointer
dereference and crash via an empty attribute list in a deref control in
a search request. (bnc#916897 CVE-2015-1545)
* A remote attacker could cause a denial of service (crash) via a crafted
search query with a matched values control. (bnc#916914 CVE-2015-1546)
The following non-security issue was fixed:
* Prevent connection-0 (internal connection) from showing up in the
monitor backend (bnc#905959)
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12:
zypper in -t patch SUSE-SLE-SDK-12-2015-273=1 - SUSE Linux Enterprise Server 12:
zypper in -t patch SUSE-SLE-SERVER-12-2015-273=1 - SUSE Linux Enterprise Module for Legacy Software 12:
zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-273=1 - SUSE Linux Enterprise Desktop 12:
zypper in -t patch SUSE-SLE-DESKTOP-12-2015-273=1 - 12:
zypper in -t patch SUSE-SLE-SAP-12-2015-273=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 12 (s390x x86_64):
- openldap2-back-perl-2.4.39-16.1
- openldap2-back-perl-debuginfo-2.4.39-16.1
- openldap2-client-debuginfo-2.4.39-16.1
- openldap2-client-debugsource-2.4.39-16.1
- openldap2-debuginfo-2.4.39-16.1
- openldap2-debugsource-2.4.39-16.1
- openldap2-devel-2.4.39-16.1
- openldap2-devel-static-2.4.39-16.1
- SUSE Linux Enterprise Software Development Kit 12 (ppc64le):
- openldap2-back-perl-2.4.39-15.1
- openldap2-back-perl-debuginfo-2.4.39-15.1
- openldap2-client-debuginfo-2.4.39-15.1
- openldap2-client-debugsource-2.4.39-15.1
- openldap2-debuginfo-2.4.39-15.1
- openldap2-debugsource-2.4.39-15.1
- openldap2-devel-2.4.39-15.1
- openldap2-devel-static-2.4.39-15.1
- SUSE Linux Enterprise Server 12 (s390x x86_64):
- libldap-2_4-2-2.4.39-16.1
- libldap-2_4-2-32bit-2.4.39-16.1
- libldap-2_4-2-debuginfo-2.4.39-16.1
- libldap-2_4-2-debuginfo-32bit-2.4.39-16.1
- openldap2-2.4.39-16.1
- openldap2-back-meta-2.4.39-16.1
- openldap2-back-meta-debuginfo-2.4.39-16.1
- openldap2-client-2.4.39-16.1
- openldap2-client-debuginfo-2.4.39-16.1
- openldap2-client-debugsource-2.4.39-16.1
- openldap2-debuginfo-2.4.39-16.1
- openldap2-debugsource-2.4.39-16.1
- SUSE Linux Enterprise Server 12 (ppc64le):
- libldap-2_4-2-2.4.39-15.1
- libldap-2_4-2-debuginfo-2.4.39-15.1
- openldap2-2.4.39-15.1
- openldap2-back-meta-2.4.39-15.1
- openldap2-back-meta-debuginfo-2.4.39-15.1
- openldap2-client-2.4.39-15.1
- openldap2-client-debuginfo-2.4.39-15.1
- openldap2-client-debugsource-2.4.39-15.1
- openldap2-debuginfo-2.4.39-15.1
- openldap2-debugsource-2.4.39-15.1
- SUSE Linux Enterprise Module for Legacy Software 12 (s390x x86_64):
- compat-libldap-2_3-0-2.3.37-16.1
- compat-libldap-2_3-0-debuginfo-2.3.37-16.1
- SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le):
- compat-libldap-2_3-0-2.3.37-15.1
- compat-libldap-2_3-0-debuginfo-2.3.37-15.1
- SUSE Linux Enterprise Desktop 12 (x86_64):
- libldap-2_4-2-2.4.39-16.1
- libldap-2_4-2-32bit-2.4.39-16.1
- libldap-2_4-2-debuginfo-2.4.39-16.1
- libldap-2_4-2-debuginfo-32bit-2.4.39-16.1
- openldap2-client-2.4.39-16.1
- openldap2-client-debuginfo-2.4.39-16.1
- openldap2-client-debugsource-2.4.39-16.1
- 12 (x86_64):
- compat-libldap-2_3-0-2.3.37-16.1
- compat-libldap-2_3-0-debuginfo-2.3.37-16.1