Content-Transfer-Encoding: |
7bit |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Mon, 3 Feb 2014 20:15:10 +0000 |
MIME-Version: |
1.0 |
Content-Type: |
text/plain; charset="utf-8" |
Reply-To: |
|
Parts/Attachments: |
|
|
Synopsis: Moderate: openldap security and bug fix update
Advisory ID: SLSA-2014:0126-1
Issue Date: 2014-02-03
CVE Numbers: CVE-2013-4449
--
A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use
this flaw to crash the server by immediately unbinding from the server
after sending a search request. (CVE-2013-4449)
This update also fixes the following bug:
* Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
--
SL6
x86_64
openldap-2.4.23-34.el6_5.1.i686.rpm
openldap-2.4.23-34.el6_5.1.x86_64.rpm
openldap-clients-2.4.23-34.el6_5.1.x86_64.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.x86_64.rpm
openldap-devel-2.4.23-34.el6_5.1.i686.rpm
openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm
openldap-servers-2.4.23-34.el6_5.1.x86_64.rpm
openldap-servers-sql-2.4.23-34.el6_5.1.x86_64.rpm
i386
openldap-2.4.23-34.el6_5.1.i686.rpm
openldap-clients-2.4.23-34.el6_5.1.i686.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
openldap-devel-2.4.23-34.el6_5.1.i686.rpm
openldap-servers-2.4.23-34.el6_5.1.i686.rpm
openldap-servers-sql-2.4.23-34.el6_5.1.i686.rpm
- Scientific Linux Development Team
|
|
|