{"affected":[{"ecosystem_specific":{"binaries":[{"openldap2-devel":"2.4.26-0.17.23.1"}]},"package":{"ecosystem":"SUSE:Studio Onsite 1.3","name":"openldap2-client","purl":"pkg:rpm/suse/openldap2-client&distro=SUSE%20Studio%20Onsite%201.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.4.26-0.17.23.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following security issues:\n\n- CVE-2015-6908: The ber_get_next function allowed remote attackers to cause a denial\n  of service (reachable assertion and application crash) via crafted BER data, as\n  demonstrated by an attack against slapd. (bsc#945582)\n- CVE-2015-4000: Fix weak Diffie-Hellman size vulnerability. (bsc#937766)\n","id":"SUSE-SU-2016:0262-1","modified":"2016-01-27T14:24:17Z","published":"2016-01-27T14:24:17Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160262-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/937766"},{"type":"REPORT","url":"https://bugzilla.suse.com/945582"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-4000"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2015-6908"}],"related":["CVE-2015-4000","CVE-2015-6908"],"summary":"Security update for openldap2","upstream":["CVE-2015-4000","CVE-2015-6908"]}