Mandriva Linux Security Advisory : openldap (MDVSA-2015:073)
Medium Nessus Plugin ID 82326
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionMultiple vulnerabilities has been discovered and corrected in openldap :
The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request (CVE-2015-1545).
Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control (CVE-2015-1546).
The updated packages provides a solution for these security issues.
SolutionUpdate the affected packages.