Information on source package openldap

Available versions

| Release | Version |
|---|---|
| stretch | 2.4.44+dfsg-5+deb9u4 |
| stretch (security) | 2.4.44+dfsg-5+deb9u5 |
| buster | 2.4.47+dfsg-3+deb10u2 |
| buster (security) | 2.4.47+dfsg-3+deb10u4 |
| bullseye | 2.4.56+dfsg-1 |
| sid | 2.4.56+dfsg-1 |

Open issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-25710 | vulnerable | fixed | fixed | fixed | assertion failure in CSN normalization with invalid input |
| CVE-2020-25709 | vulnerable | fixed | fixed | fixed | assertion failure in Certificate List syntax validation |

Open unimportant issues

| Bug | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|
| CVE-2020-15719 | vulnerable | vulnerable | vulnerable | vulnerable | libldap in certain third-party OpenLDAP packages has a certificate-val ... |
| CVE-2017-17740 | vulnerable | vulnerable | vulnerable | vulnerable | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when bot ... |
| CVE-2017-14159 | vulnerable | vulnerable | vulnerable | vulnerable | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ... |
| CVE-2015-3276 | vulnerable | vulnerable | vulnerable | vulnerable | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDA ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0253838-2AD268 | Minor local DoS as libldap |
| CVE-2020-25692 | vulnerability with slapd normalization handling with modrdn |
| CVE-2020-12243 | In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ... |
| CVE-2019-13565 | An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL ... |
| CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. When ... |
| CVE-2017-9287 | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ... |
| CVE-2016-4984 | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ... |
| CVE-2015-6908 | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ... |
| CVE-2015-1546 | Double free vulnerability in the get_vrFilter function in servers/slap ... |
| CVE-2015-1545 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in Open ... |
| CVE-2014-9713 | The default slapd configuration in the Debian openldap package 2.4.23- ... |
| CVE-2014-8182 | An off-by-one error leading to a crash was discovered in openldap 2.4 ... |
| CVE-2013-4449 | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not prope ... |
| CVE-2012-2668 | libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, wh ... |
| CVE-2012-1164 | slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a den ... |
| CVE-2011-4079 | Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.2 ... |
| CVE-2011-1081 | modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attack ... |
| CVE-2011-1025 | bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ... |
| CVE-2011-1024 | chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-sl ... |
| CVE-2010-0212 | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ( ... |
| CVE-2010-0211 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ... |
| CVE-2009-3767 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ... |
| CVE-2008-2952 | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ca ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DSA-4792-1 | openldap - security update |
| DLA-2425-1 | openldap - security update |
| DSA-4782-1 | openldap - security update |
| DLA-2199-1 | openldap - security update |
| DSA-4666-1 | openldap - security update |
| DLA-1891-1 | openldap - security update |
| DLA-972-1 | openldap - security update |
| DSA-3868-1 | openldap - security update |
| DLA-309-1 | openldap - security update |
| DSA-3356-1 | openldap - security update |
| DLA-203-1 | openldap - security update |
| DSA-3209-1 | openldap - security update |
| DSA-2077-1 | openldap - potential code execution |
| DSA-1943-1 | openldap openldap2.3 - SSL certificate |
