-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : openldap Version : 2.4.23-7.3+deb6u2 CVE ID : CVE-2015-6908 Debian Bug : 798622
Denis Andzakovic discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, does not properly handle BER data. An unauthenticated remote attacker can use this flaw to cause a denial of service (slapd daemon crash) via a specially crafted packet. The Squeeze-LTS package has been prepared by Ryan Tandy. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQJ8BAEBCgBmBQJV9y4AXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHayEQAIf4JunhEb5mGmUo8sSMkG9I xdRjk4+RJyGd7/V7nDJXJZITVJIX301isGOPHOmmKZOXBBlWm5+6UxzxvuMp83Kd j28s/gRQBp7Gx2e5Ue5wYl/88EvKacs2i4LyQulTd2PhQWZc2gvQ86C+B/EsUBdy fO6PKOHswjqg/uE1ivEwVcR/AHBKqAg+eHDuEYmqF5R1QVzt6mMTXNU/N/iYktoI rnmmUqiOqb3wImaCCGl1BL/qV7o4Ou89pnNj5nRM2bm0L9xaVK9qFxvXCP9EuWm2 832otgFv0obTfid0Sikoe6NP3p6JVfjnDLN4LERpNB1oWH8a+dlZdygzsvIefctz bXVKNEPPCnweGKQcPVBdSLut3EocTBm/ryS2KIMEw54onwAfDcnCGKp0R0Er71z6 qqTABUwuGR5x9Yq7m3opzNgtBoSJYX4cPQiZ7Vmfta7GlnjL4Cjwk+EtBiohsTLG aY2p839nROg+EgaTPLy/F8qAT5F1Lr/EJVslAecTtlNWvMOED3t2jrF64tyNKqIC Z/w1hGr6+G/wB9KkFtNBXaCJncpsPlqA+X/yLxN203DXffZfEs0Yt8Vnxhi5TWAK CsaWvQ3DsxSYwczAhrgRAxFhTp+1GQ3VayA1bxM7zuw0X9sQbrg5cx/r4EGixTBZ V52qiiFu5iuiwSKGZ79Y =DYJ/ -----END PGP SIGNATURE-----
