-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : openldap Version : 2.4.31-2+deb7u3 CVE ID : CVE-2017-9287 Debian Bug : #863563
It was discovered that there was a double-free vulnerability in the "openldap" LDAP server. A user with access to search the directory could crash slapd by issuing a search requesting a "Paged Results" value set to zero. For Debian 7 "Wheezy", this issue has been fixed in openldap version 2.4.31-2+deb7u3. We recommend that you upgrade your openldap packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkwjTgACgkQHpU+J9Qx HliIKA/8DiVFLvuMbbX8mqQLARE/x3Q4wNdWjo6sHP9dv237l/6GbWYarNjuFGwi cKxtkmorC6F98MhVoAY4y72MdJyoXfrG0KDgg+Ek5u/v4TCtc5RU2fQMBH8xigh5 byn0gg1jF5geXR2iBuqRlnF7UGvBYSrnnSZwMNRf17xTfUO3vM/V6e7+u2g0eIbu EFfdbghQiTZKlljRQ+ep+kTVJK+RSwWKzXqluyDGoRa8gCQ8o2tv+KLlgw56G/FA qqAHqzcccWEEXZy695pIBFgKjjQB5EmFhHUsMs8HsvEh8zplLl2ko1Ti/zTKXWsl PgebyK9qLxPo6L0cePxRtZwSy0nEUbz3MSri4qHKL8Q8+Pbx8bex1es+aFOpvAAU bZhsnlk+yHH0A4rmLYveKnfy2I7ULb4R7GAPKTkcndVEIKn/HPwRxkPF1Zgv6CA5 x37beAUBOkNsfZnVwbouP0htlUupsF4IyN0R6c+qIeEk05SIgAMvzu8uRC+HqKwb z5YScF4bx06Aso9zOdVaJxyvGTjlLFY4olCElJ22rzOqz/GyMXio7NcM3nul28ZY b8PRSNX2bQsr2ki+r35B82HZGvbTcXuwsdufJeazUVBZfwe97qig+UyK/Eppm8T8 h/MGa4BY+qxNWI3Ue+CqlND0I+/BfFTgcmRrREwj/paiQhJwSUY= =SAxW -----END PGP SIGNATURE-----