DoS vulnerabilities in OpenLDAP

In the latest version of open source directory server OpenLDAP, version 2.3.39, the development team have fixed vulnerabilities which could have been exploited by attackers to crash the server. Where older versions of the server run as proxies, incorrect null-terminated filter lists can result in invalid memory access and crash slapd. Errors can also occur with internal conversion of values in objectClasses. These also lead to unwanted termination of the service.

The changelog in the announcement for the updated version of the software also mentions other minor bugs which have been corrected by the developers. Administrators who use OpenLDAP should install the update at their convenience.

See also:

• OpenLDAP 2.3.39 available, announcement of and changelog for version 2.3.39 from the development team
• Download the latest version of OpenLDAP
• ldapadd with 'objectClasses' instead of 'objectClass' brings slapd down, security advisory on the Debian bug tracking system
• slapd segfaults when running as proxy-caching server, security advisory on the OpenLDAP bug tracking system

(mba)