Information on source package openldap

Available versions

ReleaseVersion
jessie2.4.40+dfsg-1+deb8u4
jessie (security)2.4.40+dfsg-1+deb8u5
stretch2.4.44+dfsg-5+deb9u3
buster2.4.47+dfsg-3+deb10u1
bullseye2.4.48+dfsg-1
sid2.4.48+dfsg-1

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2017-17740vulnerablevulnerablevulnerablevulnerablevulnerablecontrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ...
CVE-2017-14159vulnerablevulnerablevulnerablevulnerablevulnerableslapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...
CVE-2015-3276vulnerablevulnerablevulnerablevulnerablevulnerableThe nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ...

Resolved issues

BugDescription
TEMP-0253838-2AD268Minor local DoS as libldap
CVE-2019-13565An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ...
CVE-2019-13057An issue was discovered in the server in OpenLDAP before 2.4.48. When ...
CVE-2017-9287servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...
CVE-2016-4984/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...
CVE-2015-6908The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ...
CVE-2015-1546Double free vulnerability in the get_vrFilter function in servers/slap ...
CVE-2015-1545The deref_parseCtrl function in servers/slapd/overlays/deref.c in Open ...
CVE-2014-9713The default slapd configuration in the Debian openldap package 2.4.23- ...
CVE-2014-8182crash in ldap_domain2hostlist when processing SRV records
CVE-2013-4449The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not prope ...
CVE-2012-2668libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, wh ...
CVE-2012-1164slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ...
CVE-2011-4079Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.2 ...
CVE-2011-1081modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attack ...
CVE-2011-1025bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...
CVE-2011-1024chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-sl ...
CVE-2010-0212OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ( ...
CVE-2010-0211The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...
CVE-2009-3767libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...
CVE-2008-2952liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ca ...

Security announcements

DSA / DLADescription
DLA-1891-1openldap - security update
DLA-972-1openldap - security update
DSA-3868-1openldap - security update
DLA-309-1openldap - security update
DSA-3356-1openldap - security update
DSA-3356-1openldap - security update
DLA-203-1openldap - security update
DSA-3209-1openldap - security update
DSA-2077-1openldap - potential code execution
DSA-1943-1openldap openldap2.3 - SSL certificate

Search for package or bug name: Reporting problems