Launchpad CVE tracker

CVE 2015-6908

The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.

Related bugs and status

CVE-2015-6908 (Candidate) is related to these bugs:

Bug #1532648: Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)

Summary				In	Importance	Status
	1532648	Please merge openldap 2.4.42+dfsg-2 (main) from Debian testing (main)		openldap (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.openldap.or...
CONFIRM: http://www.openldap.or...
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-12-08-3
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
BID: 76714
SUSE: SUSE-SU-2016:0224
SUSE: openSUSE-SU-2016:0226
SUSE: SUSE-SU-2016:0262
SUSE: openSUSE-SU-2016:0255
SUSE: openSUSE-SU-2016:0261
REDHAT: RHSA-2015:1840
CONFIRM: http://www.security-as...
DEBIAN: DSA-3356
UBUNTU: USN-2742-1
SECTRACK: 1033534

Launchpad.net

CVE 2015-6908

Related bugs and status

Related bugs

References