Synopsis:          Moderate: openldap security update
Advisory ID:       SLSA-2014:0206-1
Issue Date:        2014-02-24
CVE Numbers:       CVE-2013-4449
--

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use
this flaw to crash the server by immediately unbinding from the server
after sending a search request. (CVE-2013-4449)
--

SL5
  x86_64
    compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
    compat-openldap-2.3.43_2.2.29-27.el5_10.x86_64.rpm
    openldap-2.3.43-27.el5_10.i386.rpm
    openldap-2.3.43-27.el5_10.x86_64.rpm
    openldap-clients-2.3.43-27.el5_10.x86_64.rpm
    openldap-debuginfo-2.3.43-27.el5_10.i386.rpm
    openldap-debuginfo-2.3.43-27.el5_10.x86_64.rpm
    openldap-devel-2.3.43-27.el5_10.i386.rpm
    openldap-devel-2.3.43-27.el5_10.x86_64.rpm
    openldap-servers-2.3.43-27.el5_10.x86_64.rpm
    openldap-servers-overlays-2.3.43-27.el5_10.x86_64.rpm
    openldap-servers-sql-2.3.43-27.el5_10.x86_64.rpm
  i386
    compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
    openldap-2.3.43-27.el5_10.i386.rpm
    openldap-clients-2.3.43-27.el5_10.i386.rpm
    openldap-debuginfo-2.3.43-27.el5_10.i386.rpm
    openldap-devel-2.3.43-27.el5_10.i386.rpm
    openldap-servers-2.3.43-27.el5_10.i386.rpm
    openldap-servers-overlays-2.3.43-27.el5_10.i386.rpm
    openldap-servers-sql-2.3.43-27.el5_10.i386.rpm

- Scientific Linux Development Team