CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.947 High
EPSS Percentile: 99.2%
CentOS Errata and Security Advisory CESA-2015:1840
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed
certain Basic Encoding Rules (BER) data. A remote attacker could use this
flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)
All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-September/083580.html
https://lists.centos.org/pipermail/centos-announce/2015-September/083581.html
https://lists.centos.org/pipermail/centos-announce/2015-September/083582.html
Affected packages:
compat-openldap
openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-overlays
openldap-servers-sql
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1840
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | compat-openldap | < 2.3.43_2.2.29-29.el5_11 | compat-openldap-2.3.43_2.2.29-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap | < 2.3.43-29.el5_11 | openldap-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap-clients | < 2.3.43-29.el5_11 | openldap-clients-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap-devel | < 2.3.43-29.el5_11 | openldap-devel-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap-servers | < 2.3.43-29.el5_11 | openldap-servers-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap-servers-overlays | < 2.3.43-29.el5_11 | openldap-servers-overlays-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | i386 | openldap-servers-sql | < 2.3.43-29.el5_11 | openldap-servers-sql-2.3.43-29.el5_11.i386.rpm |
CentOS | 5 | x86_64 | compat-openldap | < 2.3.43_2.2.29-29.el5_11 | compat-openldap-2.3.43_2.2.29-29.el5_11.x86_64.rpm |