Overview

File _patchinfo of Package patchinfo.3564

<patchinfo incident="3564">
  <issue id="1009470" tracker="bnc">openldap2-client: ldap.conf should contain TLS_CACERTDIR</issue>
  <issue id="1041764" tracker="bnc"> VUL-0: CVE-2017-9287: openldap2: Double free vulnerability in servers/slapd/back-mdb/search.c</issue>
  <issue id="1037396" tracker="bnc">slapd invalid pointer/segfault on startup</issue>
  <issue id="972331" tracker="bnc">openldap: slapd segfault after importing huge amount of data</issue>
  <issue id="2017-9287" tracker="cve"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>guohouzuo</packager>
  <description>
This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764)

Non security bugs fixed:

- Let OpenLDAP read system-wide certificates by default and don't hide the error if
  the user-specified CA location cannot be read. (bsc#1009470)
- Fix an uninitialised variable that causes startup failure (bsc#1037396)
- Fix an issue with transaction management that can cause server crash (bsc#972331)

</description>
  <summary>Security update for openldap2</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places