Synopsis:	Moderate: openldap security and bug fix update

Issue date:	2011-03-10

CVE Names:	CVE-2011-1024



A flaw was found in the way OpenLDAP handled authentication failures 

being passed from an OpenLDAP slave to the master. If OpenLDAP was 

configured with a chain overlay and it forwarded authentication 

failures, OpenLDAP would bind to the directory as an anonymous user and 

return success, rather than return failure on the authenticated bind. 

This could allow a user on a system that uses LDAP for authentication to 

log into a directory-based account without knowing the password. 

(CVE-2011-1024)



This update also fixes the following bug:



* Previously, multiple concurrent connections to an OpenLDAP server 

could cause the slapd service to terminate unexpectedly with an 

assertion error. This update adds mutexes to protect multiple threads 

from accessing a structure with a connection, and the slapd service no 

longer crashes. (BZ#677611)



After installing this update, the OpenLDAP daemons will be restarted 

automatically.



SL 5.x



     SRPMS:

openldap-2.3.43-12.el5_6.7.src.rpm

     i386:

compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm

openldap-2.3.43-12.el5_6.7.i386.rpm

openldap-clients-2.3.43-12.el5_6.7.i386.rpm

openldap-devel-2.3.43-12.el5_6.7.i386.rpm

openldap-servers-2.3.43-12.el5_6.7.i386.rpm

openldap-servers-overlays-2.3.43-12.el5_6.7.i386.rpm

openldap-servers-sql-2.3.43-12.el5_6.7.i386.rpm

     x86_64:

compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm

compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm

openldap-2.3.43-12.el5_6.7.i386.rpm

openldap-2.3.43-12.el5_6.7.x86_64.rpm

openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm

openldap-devel-2.3.43-12.el5_6.7.i386.rpm

openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm

openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm

openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm

openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm



-Connie Sieh

-Troy Dawson