Synopsis:          Moderate: openldap security update

Advisory ID:       SLSA-2014:0206-1

Issue Date:        2014-02-24

CVE Numbers:       CVE-2013-4449

--



A denial of service flaw was found in the way the OpenLDAP server daemon

(slapd) performed reference counting when using the rwm (rewrite/remap)

overlay. A remote attacker able to query the OpenLDAP server could use

this flaw to crash the server by immediately unbinding from the server

after sending a search request. (CVE-2013-4449)

--



SL5

  x86_64

    compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm

    compat-openldap-2.3.43_2.2.29-27.el5_10.x86_64.rpm

    openldap-2.3.43-27.el5_10.i386.rpm

    openldap-2.3.43-27.el5_10.x86_64.rpm

    openldap-clients-2.3.43-27.el5_10.x86_64.rpm

    openldap-debuginfo-2.3.43-27.el5_10.i386.rpm

    openldap-debuginfo-2.3.43-27.el5_10.x86_64.rpm

    openldap-devel-2.3.43-27.el5_10.i386.rpm

    openldap-devel-2.3.43-27.el5_10.x86_64.rpm

    openldap-servers-2.3.43-27.el5_10.x86_64.rpm

    openldap-servers-overlays-2.3.43-27.el5_10.x86_64.rpm

    openldap-servers-sql-2.3.43-27.el5_10.x86_64.rpm

  i386

    compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm

    openldap-2.3.43-27.el5_10.i386.rpm

    openldap-clients-2.3.43-27.el5_10.i386.rpm

    openldap-debuginfo-2.3.43-27.el5_10.i386.rpm

    openldap-devel-2.3.43-27.el5_10.i386.rpm

    openldap-servers-2.3.43-27.el5_10.i386.rpm

    openldap-servers-overlays-2.3.43-27.el5_10.i386.rpm

    openldap-servers-sql-2.3.43-27.el5_10.i386.rpm



- Scientific Linux Development Team