CVE-2008-2952
Published: 1 July 2008
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
Priority
Status
Package | Release | Status |
---|---|---|
openldap
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Released
(2.4.11)
|
|
Patches:
upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.111.2.7&r2=1.111.2.8&hideattic=1&sortbydate=0 |
||
openldap2.2
Launchpad, Ubuntu, Debian |
dapper |
Released
(2.2.26-5ubuntu2.8)
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
upstream |
Needs triage
|
|
openldap2.3
Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Released
(2.3.30-2ubuntu0.3)
|
|
gutsy |
Released
(2.3.35-1ubuntu0.3)
|
|
hardy |
Released
(2.4.9-0ubuntu0.8.04.1)
|
|
upstream |
Needs triage
|
|
Patches:
upstream: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0 |