[Pkg-openldap-devel] Bug#488710: slapd: remote DoS

Steffen Joeris steffen.joeris at skolelinux.de
Mon Jun 30 19:26:27 UTC 2008


Package: slapd
Severity: grave
Tags: security, patch
Justification: user security hole

Hi

The following email came over the public security list:

Hi,

Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER
decoding of openldap and crash the server:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580

cu
Ludwig

An upstream patch seems to be here:
http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0

Please make sure that you upload your package with high urgency or
contact us on the public email list[0] for a possible DTSA coordination.

Cheers
Steffen

[0]: secure-testing-team at lists.alioth.debian.org




