CVE-2008-2952
Published: 1 July 2008
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openldap Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Released
(2.4.11)
|
|
|
Patches: upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.111.2.7&r2=1.111.2.8&hideattic=1&sortbydate=0 |
||
|
openldap2.2 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.2.26-5ubuntu2.8)
|
| feisty |
Does not exist
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
openldap2.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| feisty |
Released
(2.3.30-2ubuntu0.3)
|
|
| gutsy |
Released
(2.3.35-1ubuntu0.3)
|
|
| hardy |
Released
(2.4.9-0ubuntu0.8.04.1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0 |
||