CentOS Errata and Security Advisory CESA-2015:1840
OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)
All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2015-September/033456.html
http://lists.centos.org/pipermail/centos-announce/2015-September/033457.html
http://lists.centos.org/pipermail/centos-announce/2015-September/033458.html
Affected packages: compat-openldap, openldap, openldap-clients, openldap-devel, openldap-servers, openldap-servers-overlays, openldap-servers-sql
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1840.html