compat, openldap security update

2015-09-29T13:29:35
ID CESA-2015:1840
Type centos
Reporter CentOS Project
Modified 2015-09-29T14:02:22

Description

CentOS Errata and Security Advisory CESA-2015:1840

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)

All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2015-September/033456.html
http://lists.centos.org/pipermail/centos-announce/2015-September/033457.html
http://lists.centos.org/pipermail/centos-announce/2015-September/033458.html

Affected packages: compat-openldap, openldap, openldap-clients, openldap-devel, openldap-servers, openldap-servers-overlays, openldap-servers-sql

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1840.html