Package: slapd Version: 2.3.38 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for slapd.
CVE-2007-5708[0]: Name: CVE-2007-5708 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708 Reference: MISC:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632 Reference: MLIST:[openldap-announce] 20071026 OpenLDAP 2.3.39 available Reference: URL:http://www.openldap.org/lists/openldap-announce/200710/msg00001.html Reference: BID:26245 Reference: URL:http://www.securityfocus.com/bid/26245 Reference: FRSIRT:ADV-2007-3645 Reference: URL:http://www.frsirt.com/english/advisories/2007/3645 Reference: SECUNIA:27424 Reference: URL:http://secunia.com/advisories/27424 slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initiialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated. This information is not yet on the mitre site but it seems to be public. A fix for this can be found on: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/overlays/pcache.c.diff?r1=1.41.2.20&r2=1.41.2.21&hideattic=1&sortbydate=0 Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOLFsij1vVl.pgp
Description: PGP signature
