Synopsis:	Moderate: openldap security and bug fix update
Issue date:	2011-03-10
CVE Names:	CVE-2011-1024

A flaw was found in the way OpenLDAP handled authentication failures 
being passed from an OpenLDAP slave to the master. If OpenLDAP was 
configured with a chain overlay and it forwarded authentication 
failures, OpenLDAP would bind to the directory as an anonymous user and 
return success, rather than return failure on the authenticated bind. 
This could allow a user on a system that uses LDAP for authentication to 
log into a directory-based account without knowing the password. 
(CVE-2011-1024)

This update also fixes the following bug:

* Previously, multiple concurrent connections to an OpenLDAP server 
could cause the slapd service to terminate unexpectedly with an 
assertion error. This update adds mutexes to keep multiple threads 
from accessing a connection structure at the same time, and the slapd 
service no longer crashes. (BZ#677611)

After installing this update, the OpenLDAP daemons will be restarted 
automatically.

SL 5.x

     SRPMS:
openldap-2.3.43-12.el5_6.7.src.rpm
     i386:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-clients-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.i386.rpm
     x86_64:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.x86_64.rpm
openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm

-Connie Sieh
-Troy Dawson
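
An exposure check for CVE-2011-1024, added here as an example (it is not part of the original advisory or of OpenLDAP): it reports whether a slapd.conf loads the chain overlay, which the advisory names as a precondition, and whether an installed version-release is at or above the fixed 2.3.43-12.el5_6.7. The version comparison is a simplified form of rpm's ordering, and the sample configuration and test versions are constructed.

```python
import re

FIXED = "2.3.43-12.el5_6.7"  # version-release from this advisory's package list

def _cmp_field(a, b):
    """Simplified rpmvercmp for one field (no epoch or tilde handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(installed, fixed=FIXED):
    """True if an installed openldap version-release is at or above the fix."""
    (iv, ir), (fv, fr) = installed.split("-", 1), fixed.split("-", 1)
    return (_cmp_field(iv, fv) or _cmp_field(ir, fr)) >= 0

def chain_overlay_scopes(conf_text):
    """Return the scopes ('global' or 'database <type>') that load the chain overlay."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues a directive
        else:
            logical.append(raw.strip())
    scope, found = "global", []
    for words in (line.split() for line in logical):
        if words[0].lower() == "database" and len(words) > 1:
            scope = "database " + words[1]
        elif [w.lower() for w in words[:2]] == ["overlay", "chain"]:
            found.append(scope)
    return found

# Constructed sample slapd.conf, not taken from the advisory.
SAMPLE_CONF = """\
overlay chain
chain-uri ldap://master.example.com
database bdb
suffix "dc=example,dc=com"
#overlay chain
"""

if __name__ == "__main__":
    print("chain overlay in:", chain_overlay_scopes(SAMPLE_CONF))
    print("2.3.43-12.el5 patched:", is_patched("2.3.43-12.el5"))  # constructed input
```

The installed value can be taken from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' openldap-servers`. A server that loads the chain overlay and is below the fixed release should be updated first.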