Synopsis:    Moderate: openldap security update
Issue date:  2010-07-20
CVE Names:   CVE-2009-3767 CVE-2010-0211

An uninitialized pointer use flaw was discovered in the way the slapd daemon handled modify relative distinguished name (modrdn) requests. An authenticated user with privileges to perform modrdn operations could use this flaw to crash the slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211)

A flaw was found in the way OpenLDAP handled NUL characters in the CommonName field of X.509 certificates. An attacker able to get a carefully-crafted certificate signed by a trusted Certificate Authority could trick applications using OpenLDAP libraries into accepting it by mistake, allowing the attacker to perform a man-in-the-middle attack. (CVE-2009-3767)

After installing this update, the OpenLDAP daemons will be restarted automatically.

SL 4.x

  SRPMS:
  openldap-2.2.13-12.el4_8.3.src.rpm

  i386:
  compat-openldap-2.1.30-12.el4_8.3.i386.rpm
  openldap-2.2.13-12.el4_8.3.i386.rpm
  openldap-clients-2.2.13-12.el4_8.3.i386.rpm
  openldap-devel-2.2.13-12.el4_8.3.i386.rpm
  openldap-servers-2.2.13-12.el4_8.3.i386.rpm
  openldap-servers-sql-2.2.13-12.el4_8.3.i386.rpm

  x86_64:
  compat-openldap-2.1.30-12.el4_8.3.i386.rpm
  compat-openldap-2.1.30-12.el4_8.3.x86_64.rpm
  openldap-2.2.13-12.el4_8.3.i386.rpm
  openldap-2.2.13-12.el4_8.3.x86_64.rpm
  openldap-clients-2.2.13-12.el4_8.3.x86_64.rpm
  openldap-devel-2.2.13-12.el4_8.3.x86_64.rpm
  openldap-servers-2.2.13-12.el4_8.3.x86_64.rpm
  openldap-servers-sql-2.2.13-12.el4_8.3.x86_64.rpm

-Connie Sieh
-Troy Dawson
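The CommonName flaw behind CVE-2009-3767 comes down to how the CN bytes are compared with the expected hostname. As an added illustration (not OpenLDAP's own code), the C below puts a naive C-string comparison beside a length-aware one; the function names, the sample CN bytes and the hostnames are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* DER hands the CommonName to the verifier as a pointer plus an explicit
 * length, so an embedded NUL byte is legal certificate data. */

/* Naive check (the defect class the advisory describes): the CN is treated
 * as a C string, so strcmp stops at the first NUL and never sees the rest. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *host)
{
    (void)cn_len;                        /* DER length ignored: the bug */
    return strcmp((const char *)cn, host) == 0;
}

/* Hardened check: honours the DER length, rejects any embedded NUL, and
 * compares the whole byte run so nothing after a NUL can be hidden. */
int cn_matches_safe(const unsigned char *cn, size_t cn_len, const char *host)
{
    size_t host_len = strlen(host);
    if (memchr(cn, '\0', cn_len) != NULL)   /* NUL inside the CN: reject */
        return 0;
    if (cn_len != host_len)                 /* lengths must agree */
        return 0;
    return memcmp(cn, host, cn_len) == 0;
}

/* Constructed sample CN of the shape the advisory describes: a trusted-looking
 * prefix, a NUL byte, then the remainder; the DER length covers every byte. */
static const unsigned char SAMPLE_CN[] = "www.good.example\0.evil.example";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

int main(void)
{
    const char *expected = "www.good.example";
    printf("naive accepts: %d\n", cn_matches_naive(SAMPLE_CN, SAMPLE_CN_LEN, expected));
    printf("safe accepts:  %d\n", cn_matches_safe(SAMPLE_CN, SAMPLE_CN_LEN, expected));
    return 0;
}
```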