Information on source package openldap

Available versions

| Release | Version |
|---|---|
| wheezy | 2.4.31-2+deb7u2 |
| wheezy (security) | 2.4.31-2+deb7u3 |
| jessie (security) | 2.4.40+dfsg-1+deb8u3 |
| stretch | 2.4.44+dfsg-5+deb9u1 |
| buster | 2.4.45+dfsg-1 |
| sid | 2.4.45+dfsg-1 |

Open unimportant issues

| Bug | wheezy | jessie | stretch | buster | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2017-14159 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ... |
| CVE-2015-3276 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The nss_parse_ciphers function in libraries/libldap/tls_m.c in ... |

Resolved issues

| Bug | Description |
|---|---|
| TEMP-0253838-2AD268 | Minor local DoS as libldap |
| CVE-2017-9287 | servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ... |
| CVE-2016-4984 | /usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ... |
| CVE-2015-6908 | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ... |
| CVE-2015-1546 | Double free vulnerability in the get_vrFilter function in ... |
| CVE-2015-1545 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in ... |
| CVE-2014-9713 | The default slapd configuration in the Debian openldap package ... |
| CVE-2014-8182 | crash in ldap_domain2hostlist when processing SRV records |
| CVE-2013-4449 | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not ... |
| CVE-2012-2668 | libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, ... |
| CVE-2012-1164 | slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a ... |
| CVE-2011-4079 | Off-by-one error in the UTF8StringNormalize function in OpenLDAP ... |
| CVE-2011-1081 | modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ... |
| CVE-2011-1025 | bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ... |
| CVE-2011-1024 | chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a ... |
| CVE-2010-0212 | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ... |
| CVE-2010-0211 | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ... |
| CVE-2009-3767 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ... |
| CVE-2008-2952 | liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-972-1 | openldap - security update |
| DSA-3868-1 | openldap - security update |
| DLA-309-1 | openldap - security update |
| DSA-3356-1 | openldap - security update |
| DSA-3356-1 | openldap - security update |
| DLA-203-1 | openldap - security update |
| DSA-3209-1 | openldap - security update |
| DSA-2077-1 | openldap - potential code execution |
| DSA-1943-1 | openldap openldap2.3 - SSL certificate |
