Synopsis:	Moderate: openldap security update
Issue date:	2008-02-21
CVE Names:	CVE-2007-6698 CVE-2008-0658

These updated openldap packages fix a flaw in the way the OpenLDAP slapd
daemon handled modify and modrdn requests with NOOP control on objects
stored in a Berkeley DB (BDB) storage backend.  An authenticated attacker
with permission to perform modify or modrdn operations on such LDAP objects
could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

SL 4.x

     SRPMS:
openldap-2.2.13-8.el4_6.4.src.rpm
     i386:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-clients-2.2.13-8.el4_6.4.i386.rpm
openldap-devel-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-2.2.13-8.el4_6.4.i386.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm
     x86_64:
compat-openldap-2.1.30-8.el4_6.4.i386.rpm
compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm
openldap-2.2.13-8.el4_6.4.i386.rpm
openldap-2.2.13-8.el4_6.4.x86_64.rpm
openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm
openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm
openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm

SL 5.x

     SRPMS:
openldap-2.3.27-8.el5_1.3.src.rpm
     i386:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-clients-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-2.3.27-8.el5_1.3.i386.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.i386.rpm
     x86_64:
compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm
compat-openldap-2.3.27_2.2.29-8.el5_1.3.x86_64.rpm
openldap-2.3.27-8.el5_1.3.i386.rpm
openldap-2.3.27-8.el5_1.3.x86_64.rpm
openldap-clients-2.3.27-8.el5_1.3.x86_64.rpm
openldap-devel-2.3.27-8.el5_1.3.i386.rpm
openldap-devel-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-2.3.27-8.el5_1.3.x86_64.rpm
openldap-servers-sql-2.3.27-8.el5_1.3.x86_64.rpm

-Connie Sieh
-Troy Dawson