Synopsis: Moderate: openldap security update Issue date: 2008-02-21 CVE Names: CVE-2007-6698 CVE-2008-0658 These updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) SL 4.x SRPMS: openldap-2.2.13-8.el4_6.4.src.rpm i386: compat-openldap-2.1.30-8.el4_6.4.i386.rpm openldap-2.2.13-8.el4_6.4.i386.rpm openldap-clients-2.2.13-8.el4_6.4.i386.rpm openldap-devel-2.2.13-8.el4_6.4.i386.rpm openldap-servers-2.2.13-8.el4_6.4.i386.rpm openldap-servers-sql-2.2.13-8.el4_6.4.i386.rpm x86_64: compat-openldap-2.1.30-8.el4_6.4.i386.rpm compat-openldap-2.1.30-8.el4_6.4.x86_64.rpm openldap-2.2.13-8.el4_6.4.i386.rpm openldap-2.2.13-8.el4_6.4.x86_64.rpm openldap-clients-2.2.13-8.el4_6.4.x86_64.rpm openldap-devel-2.2.13-8.el4_6.4.x86_64.rpm openldap-servers-2.2.13-8.el4_6.4.x86_64.rpm openldap-servers-sql-2.2.13-8.el4_6.4.x86_64.rpm SL 5.x SRPMS: openldap-2.3.27-8.el5_1.3.src.rpm i386: compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm openldap-2.3.27-8.el5_1.3.i386.rpm openldap-clients-2.3.27-8.el5_1.3.i386.rpm openldap-devel-2.3.27-8.el5_1.3.i386.rpm openldap-servers-2.3.27-8.el5_1.3.i386.rpm openldap-servers-sql-2.3.27-8.el5_1.3.i386.rpm x86_64: compat-openldap-2.3.27_2.2.29-8.el5_1.3.i386.rpm compat-openldap-2.3.27_2.2.29-8.el5_1.3.x86_64.rpm openldap-2.3.27-8.el5_1.3.i386.rpm openldap-2.3.27-8.el5_1.3.x86_64.rpm openldap-clients-2.3.27-8.el5_1.3.x86_64.rpm openldap-devel-2.3.27-8.el5_1.3.i386.rpm openldap-devel-2.3.27-8.el5_1.3.x86_64.rpm openldap-servers-2.3.27-8.el5_1.3.x86_64.rpm openldap-servers-sql-2.3.27-8.el5_1.3.x86_64.rpm -Connie Sieh -Troy Dawson