Security update for openldap2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2181-1 Final 1 1 2017-08-16T18:05:33Z current 2017-08-16T18:05:33Z 2017-08-16T18:05:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openldap2 This update for openldap2 fixes the following issues: * Let OpenLDAP read system wide certificate directory by default and avoid hiding the error if user specified CA location cannot be read (boo#1009470). * Fix CVE-2017-9287: openldap2: Double free vulnerability with patch (boo#1041764) * Fix an uninitialized variable that causes startup failure (boo#1037396) * Fix a regression in handling of non-blocking connection with (boo#1031702) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-08/msg00063.html E-Mail link for openSUSE-SU-2017:2181-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 libldap-2_4-2-2.4.44-18.1 libldap-2_4-2-32bit-2.4.44-18.1 libldap-data-2.4.44-18.1 openldap2-2.4.44-18.1 openldap2-back-meta-2.4.44-18.1 openldap2-back-perl-2.4.44-18.1 openldap2-back-sock-2.4.44-18.1 openldap2-back-sql-2.4.44-18.1 openldap2-client-2.4.44-18.1 openldap2-contrib-2.4.44-18.1 openldap2-devel-2.4.44-18.1 openldap2-devel-32bit-2.4.44-18.1 openldap2-devel-static-2.4.44-18.1 openldap2-doc-2.4.44-18.1 openldap2-ppolicy-check-password-1.2-18.1 libldap-2_4-2-2.4.44-18.1 as a component of openSUSE Leap 42.3 libldap-2_4-2-32bit-2.4.44-18.1 as a component of openSUSE Leap 42.3 libldap-data-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-back-meta-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-back-perl-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-back-sock-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-back-sql-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-client-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-contrib-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-devel-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-devel-32bit-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-devel-static-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-doc-2.4.44-18.1 as a component of openSUSE Leap 42.3 openldap2-ppolicy-check-password-1.2-18.1 as a component of openSUSE Leap 42.3 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. CVE-2017-9287 openSUSE Leap 42.3:libldap-2_4-2-2.4.44-18.1 openSUSE Leap 42.3:libldap-2_4-2-32bit-2.4.44-18.1 openSUSE Leap 42.3:libldap-data-2.4.44-18.1 openSUSE Leap 42.3:openldap2-2.4.44-18.1 openSUSE Leap 42.3:openldap2-back-meta-2.4.44-18.1 openSUSE Leap 42.3:openldap2-back-perl-2.4.44-18.1 openSUSE Leap 42.3:openldap2-back-sock-2.4.44-18.1 openSUSE Leap 42.3:openldap2-back-sql-2.4.44-18.1 openSUSE Leap 42.3:openldap2-client-2.4.44-18.1 openSUSE Leap 42.3:openldap2-contrib-2.4.44-18.1 openSUSE Leap 42.3:openldap2-devel-2.4.44-18.1 openSUSE Leap 42.3:openldap2-devel-32bit-2.4.44-18.1 openSUSE Leap 42.3:openldap2-devel-static-2.4.44-18.1 openSUSE Leap 42.3:openldap2-doc-2.4.44-18.1 openSUSE Leap 42.3:openldap2-ppolicy-check-password-1.2-18.1 moderate 4 AV:N/AC:L/Au:S/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-08/msg00063.html https://www.suse.com/security/cve/CVE-2017-9287.html CVE-2017-9287 https://bugzilla.suse.com/1041764 SUSE Bug 1041764