Debian DLA-309-1 : openldap security update
Medium Nessus Plugin ID 85931
SynopsisThe remote Debian host is missing a security update.
DescriptionDenis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet.
The Squeeze-LTS package has been prepared by Ryan Tandy.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected packages.