compat, openldap security update

2014-02-2419:35:05

CentOS Project

lists.centos.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.94 High

EPSS

Percentile

99.1%

JSON

CentOS Errata and Security Advisory CESA-2014:0206

OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request. (CVE-2013-4449)

Red Hat would like to thank Michael Vishchers from Seven Principles AG for
reporting this issue.

All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-February/082336.html

Affected packages:
compat-openldap
openldap
openldap-clients
openldap-devel
openldap-servers
openldap-servers-overlays
openldap-servers-sql

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:0206

OSVersionArchitecturePackageVersionFilename
CentOS5i386compat-openldap< 2.3.43_2.2.29-27.el5_10compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
CentOS5i386openldap< 2.3.43-27.el5_10openldap-2.3.43-27.el5_10.i386.rpm
CentOS5i386openldap-clients< 2.3.43-27.el5_10openldap-clients-2.3.43-27.el5_10.i386.rpm
CentOS5i386openldap-devel< 2.3.43-27.el5_10openldap-devel-2.3.43-27.el5_10.i386.rpm
CentOS5i386openldap-servers< 2.3.43-27.el5_10openldap-servers-2.3.43-27.el5_10.i386.rpm
CentOS5i386openldap-servers-overlays< 2.3.43-27.el5_10openldap-servers-overlays-2.3.43-27.el5_10.i386.rpm
CentOS5i386openldap-servers-sql< 2.3.43-27.el5_10openldap-servers-sql-2.3.43-27.el5_10.i386.rpm
CentOS5i386compat-openldap< 2.3.43_2.2.29-27.el5_10compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
CentOS5x86_64compat-openldap< 2.3.43_2.2.29-27.el5_10compat-openldap-2.3.43_2.2.29-27.el5_10.x86_64.rpm
CentOS5i386openldap< 2.3.43-27.el5_10openldap-2.3.43-27.el5_10.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	5	i386	compat-openldap	< 2.3.43_2.2.29-27.el5_10	compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
CentOS	5	i386	openldap	< 2.3.43-27.el5_10	openldap-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	openldap-clients	< 2.3.43-27.el5_10	openldap-clients-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	openldap-devel	< 2.3.43-27.el5_10	openldap-devel-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	openldap-servers	< 2.3.43-27.el5_10	openldap-servers-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	openldap-servers-overlays	< 2.3.43-27.el5_10	openldap-servers-overlays-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	openldap-servers-sql	< 2.3.43-27.el5_10	openldap-servers-sql-2.3.43-27.el5_10.i386.rpm
CentOS	5	i386	compat-openldap	< 2.3.43_2.2.29-27.el5_10	compat-openldap-2.3.43_2.2.29-27.el5_10.i386.rpm
CentOS	5	x86_64	compat-openldap	< 2.3.43_2.2.29-27.el5_10	compat-openldap-2.3.43_2.2.29-27.el5_10.x86_64.rpm
CentOS	5	i386	openldap	< 2.3.43-27.el5_10	openldap-2.3.43-27.el5_10.i386.rpm