File _patchinfo of Package patchinfo.4917

<patchinfo incident="4917">
  <packager>guohouzuo</packager>
  <issue tracker="bnc" id="1031702">regression for non-blocking connections (resets to blocking)</issue>
  <issue tracker="bnc" id="1041764">VUL-0: CVE-2017-9287: openldap2: Double free vulnerability in servers/slapd/back-mdb/search.c</issue>
  <issue tracker="bnc" id="1037396">slapd invalid pointer/segfault on startup</issue>
  <issue tracker="bnc" id="1065083">L3: libldap leaks socket descriptors</issue>
  <issue id="1073313" tracker="bnc">VUL-0: CVE-2017-17740: openldap2: contrib/slapd-modules/nops/nops.c, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack</issue>
  <issue id="2017-17740" tracker="cve" />
  <issue tracker="cve" id="2017-9287"></issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for openldap2</summary>
  <description>This update for openldap2 fixes the following issues:

Security issues fixed:

- CVE-2017-9287: A double free vulnerability in the mdb backend during search with page size 0 was fixed (bsc#1041764).
- CVE-2017-17740: Fixed a denial of service (slapd crash) via a member MODDN operation that could have been triggered when both the nops module and the memberof overlay are enabled (bsc#1073313).

Non-security issues fixed:

- Fix a regression in handling of non-blocking connections (bsc#1031702)
- Fix an uninitialised variable that causes startup failure (bsc#1037396)
- Fix a socket descriptor leak in libldap (bsc#1065083)
</description>
</patchinfo>