Synopsis:          Moderate: openldap security and bug fix update
Advisory ID:       SLSA-2014:0126-1
Issue Date:        2014-02-03
CVE Numbers:       CVE-2013-4449
--

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use
this flaw to crash the server by immediately unbinding from the server
after sending a search request. (CVE-2013-4449)

This update also fixes the following bug:

* Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
--

SL6
  x86_64
    openldap-2.4.23-34.el6_5.1.i686.rpm
    openldap-2.4.23-34.el6_5.1.x86_64.rpm
    openldap-clients-2.4.23-34.el6_5.1.x86_64.rpm
    openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
    openldap-debuginfo-2.4.23-34.el6_5.1.x86_64.rpm
    openldap-devel-2.4.23-34.el6_5.1.i686.rpm
    openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm
    openldap-servers-2.4.23-34.el6_5.1.x86_64.rpm
    openldap-servers-sql-2.4.23-34.el6_5.1.x86_64.rpm
  i386
    openldap-2.4.23-34.el6_5.1.i686.rpm
    openldap-clients-2.4.23-34.el6_5.1.i686.rpm
    openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
    openldap-devel-2.4.23-34.el6_5.1.i686.rpm
    openldap-servers-2.4.23-34.el6_5.1.i686.rpm
    openldap-servers-sql-2.4.23-34.el6_5.1.i686.rpm

- Scientific Linux Development Team
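
An added example, not part of the original advisory or of Scientific Linux tooling: a triage check that flags a host as exposed to CVE-2013-4449 when its openldap-servers version-release predates the fixed build listed above and its slapd configuration enables the rwm overlay. The sample version, the sample configuration text and all function names are constructed for illustration, and the version comparison is a simplified form of rpm's algorithm that assumes equal epochs.

```python
import re

# Fixed version-release, taken from the advisory's SL6 package list.
FIXED = "2.4.23-34.el6_5.1"

# Constructed sample inputs (not from the advisory).
OLD_VR = "2.4.23-32.el6_4.1"
CONF_RWM = 'database bdb\nsuffix "dc=example,dc=com"\noverlay rwm\n'
CONF_PLAIN = 'database bdb\nsuffix "dc=example,dc=com"\n# overlay rwm\n'

def _vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed equal."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return _vercmp(va, vb) or _vercmp(ra, rb)

# Matches an active 'overlay rwm' (slapd.conf) or 'olcOverlay: {N}rwm' (cn=config).
_RWM = re.compile(r"^[ \t]*(?:overlay[ \t]+rwm\b|olcOverlay:[ \t]*(?:\{\d+\})?rwm\b)",
                  re.I | re.M)

def uses_rwm(config_text):
    return bool(_RWM.search(config_text))

def exposed(installed_vr, config_text):
    """True when the package predates the fix and the rwm overlay is configured."""
    return evr_cmp(installed_vr, FIXED) < 0 and uses_rwm(config_text)

if __name__ == "__main__":
    for vr, conf in [(OLD_VR, CONF_RWM), (OLD_VR, CONF_PLAIN), (FIXED, CONF_RWM)]:
        print(vr, "exposed" if exposed(vr, conf) else "not exposed")
```

On a real host the installed value can be read with rpm -q --qf '%{VERSION}-%{RELEASE}\n' openldap-servers and passed to exposed() together with the contents of the slapd configuration.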