Synopsis: Moderate: openldap security and bug fix update
Advisory ID: SLSA-2014:0126-1
Issue Date: 2014-02-03
CVE Numbers: CVE-2013-4449
—
A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use
this flaw to crash the server by immediately unbinding from the server
after sending a search request. (CVE-2013-4449)
This update also fixes the following bug:
* Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
—
SL6
x86_64
openldap-2.4.23-34.el6_5.1.i686.rpm
openldap-2.4.23-34.el6_5.1.x86_64.rpm
openldap-clients-2.4.23-34.el6_5.1.x86_64.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.x86_64.rpm
openldap-devel-2.4.23-34.el6_5.1.i686.rpm
openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm
openldap-servers-2.4.23-34.el6_5.1.x86_64.rpm
openldap-servers-sql-2.4.23-34.el6_5.1.x86_64.rpm
i386
openldap-2.4.23-34.el6_5.1.i686.rpm
openldap-clients-2.4.23-34.el6_5.1.i686.rpm
openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm
openldap-devel-2.4.23-34.el6_5.1.i686.rpm
openldap-servers-2.4.23-34.el6_5.1.i686.rpm
openldap-servers-sql-2.4.23-34.el6_5.1.i686.rpm
– Scientific Linux Development Team
