User: Password:
|
|
Subscribe / Log in / New account

Scientific Linux alert SLSA-2014:0126-1 (openldap)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  <scientific-linux-errata@listserv.fnal.gov>
Subject:  Security ERRATA Moderate: openldap on SL6.x i386/x86_64
Date:  Mon, 3 Feb 2014 20:15:10 +0000
Message-ID:  <20140203201510.10313.44760@slpackages.fnal.gov>

Synopsis: Moderate: openldap security and bug fix update Advisory ID: SLSA-2014:0126-1 Issue Date: 2014-02-03 CVE Numbers: CVE-2013-4449 -- A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449) This update also fixes the following bug: * Previously, OpenLDAP did not properly handle a number of simultaneous updates. As a consequence, sending a number of parallel update requests to the server could cause a deadlock. With this update, a superfluous locking mechanism causing the deadlock has been removed, thus fixing the bug. -- SL6 x86_64 openldap-2.4.23-34.el6_5.1.i686.rpm openldap-2.4.23-34.el6_5.1.x86_64.rpm openldap-clients-2.4.23-34.el6_5.1.x86_64.rpm openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm openldap-debuginfo-2.4.23-34.el6_5.1.x86_64.rpm openldap-devel-2.4.23-34.el6_5.1.i686.rpm openldap-devel-2.4.23-34.el6_5.1.x86_64.rpm openldap-servers-2.4.23-34.el6_5.1.x86_64.rpm openldap-servers-sql-2.4.23-34.el6_5.1.x86_64.rpm i386 openldap-2.4.23-34.el6_5.1.i686.rpm openldap-clients-2.4.23-34.el6_5.1.i686.rpm openldap-debuginfo-2.4.23-34.el6_5.1.i686.rpm openldap-devel-2.4.23-34.el6_5.1.i686.rpm openldap-servers-2.4.23-34.el6_5.1.i686.rpm openldap-servers-sql-2.4.23-34.el6_5.1.i686.rpm - Scientific Linux Development Team


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds