Oval Definition:oval:com.redhat.rhsa:def:20140206
Revision Date:2014-02-24Version:635
Title:RHSA-2014:0206: openldap security update (Moderate)
Description:OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

  • A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request. (CVE-2013-4449)

    Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.

    All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2013-4449
    CVE-2013-4449
    RHSA-2014:0206
    RHSA-2014:0206-00
    RHSA-2014:0206-01
    Platform(s):Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • compat-openldap is earlier than 0:2.3.43_2.2.29-27.el5_10
  • AND compat-openldap is signed with Red Hat redhatrelease2 key
  • openldap is earlier than 0:2.3.43-27.el5_10
  • AND openldap is signed with Red Hat redhatrelease2 key
  • openldap-clients is earlier than 0:2.3.43-27.el5_10
  • AND openldap-clients is signed with Red Hat redhatrelease2 key
  • openldap-devel is earlier than 0:2.3.43-27.el5_10
  • AND openldap-devel is signed with Red Hat redhatrelease2 key
  • openldap-servers is earlier than 0:2.3.43-27.el5_10
  • AND openldap-servers is signed with Red Hat redhatrelease2 key
  • openldap-servers-overlays is earlier than 0:2.3.43-27.el5_10
  • AND openldap-servers-overlays is signed with Red Hat redhatrelease2 key
  • openldap-servers-sql is earlier than 0:2.3.43-27.el5_10
  • AND openldap-servers-sql is signed with Red Hat redhatrelease2 key
  • BACK