Lucene search

K
centosCentOS ProjectCESA-2008:0583
HistoryJul 09, 2008 - 4:17 p.m.

compat, openldap security update

2008-07-0916:17:29
CentOS Project
lists.centos.org
50

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.823 High

EPSS

Percentile

98.3%

CentOS Errata and Security Advisory CESA-2008:0583

OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols for
accessing directory services.

A denial of service flaw was found in the way the OpenLDAP slapd daemon
processed certain network messages. An unauthenticated remote attacker
could send a specially crafted request that would crash the slapd daemon.
(CVE-2008-2952)

Users of openldap should upgrade to these updated packages, which contain a
backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-July/077256.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077259.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077262.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077263.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077270.html
https://lists.centos.org/pipermail/centos-announce/2008-July/077271.html

Affected packages:
compat-openldap
openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-sql

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0583

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.823 High

EPSS

Percentile

98.3%