Synopsis: Low: openldap security and bug-fix update
Issue date: 2007-06-11
CVE Names: CVE-2006-4600

A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600)

A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An application using this function could result in an Out Of Memory (OOM) condition, crashing the application.

SL 3.0.x

SRPMS:
openldap-2.0.27-23.src.rpm

i386:
openldap-2.0.27-23.i386.rpm
openldap-clients-2.0.27-23.i386.rpm
openldap-devel-2.0.27-23.i386.rpm
openldap-servers-2.0.27-23.i386.rpm

x86_64:
openldap-2.0.27-23.i386.rpm
openldap-2.0.27-23.x86_64.rpm
openldap-clients-2.0.27-23.x86_64.rpm
openldap-devel-2.0.27-23.x86_64.rpm
openldap-servers-2.0.27-23.x86_64.rpm

-Connie Sieh
-Troy Dawson