Debian 10232 Published by

Updated openldap packages are available for Debian 6 LTS



Package : openldap
Version : 2.4.23-7.3+deb6u2
CVE ID : CVE-2015-6908
Debian Bug : 798622

Denis Andzakovic discovered that OpenLDAP, a free implementation of the
Lightweight Directory Access Protocol, does not properly handle BER
data. An unauthenticated remote attacker can use this flaw to cause a
denial of service (slapd daemon crash) via a specially crafted packet.

The Squeeze-LTS package has been prepared by Ryan Tandy.