[USN-6616-1] OpenLDAP vulnerability

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jan 30 14:43:20 UTC 2024

Ubuntu Security Notice USN-6616-1
January 30, 2024

openldap vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS


OpenLDAP could be made to crash if it received specially crafted input.

Software Description:
- openldap: Lightweight Directory Access Protocol


It was discovered that OpenLDAP was not properly performing bounds checks
when executing functions related to LDAP URLs. An attacker could possibly
use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   slapd                           2.5.16+dfsg-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:
   slapd                           2.4.49+dfsg-2ubuntu1.10

In general, a standard system update will make all the necessary changes.


Package Information:
