compat, openldap security update

ID CESA-2015:1840
Type centos
Reporter CentOS Project
Modified 2015-09-29T14:02:22


CentOS Errata and Security Advisory CESA-2015:1840

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.

A flaw was found in the way the OpenLDAP server daemon (slapd) parsed certain Basic Encoding Rules (BER) data. A remote attacker could use this flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)

All openldap users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories:

Affected packages: compat-openldap openldap openldap-clients openldap-devel openldap-servers openldap-servers-overlays openldap-servers-sql
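
Because the fix is a backported patch, the package version alone does not show whether it is present. The following is an added example, not part of the CentOS advisory: it checks each package in the list above for the fix, assuming the package changelog names CVE-2015-6908; the function names and the RUN_CHECK variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether each installed
# package from the "Affected packages" list carries the CVE-2015-6908 fix.
# Assumption: the backported patch is recorded in the RPM changelog under
# its CVE identifier.

CVE="CVE-2015-6908"
PKGS="compat-openldap openldap openldap-clients openldap-devel \
openldap-servers openldap-servers-overlays openldap-servers-sql"

# Print one of: not-installed, patched, unpatched
pkg_status() {
    if ! rpm -q "$1" >/dev/null 2>&1; then
        echo "not-installed"
    elif rpm -q --changelog "$1" 2>/dev/null | grep -q -- "$CVE"; then
        echo "patched"
    else
        echo "unpatched"
    fi
}

# Print one line per package; return 1 if any installed package lacks the fix.
check_all() {
    rc=0
    for p in $PKGS; do
        s=$(pkg_status "$p")
        printf '%-28s %s\n' "$p" "$s"
        if [ "$s" = "unpatched" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run the report only when asked, so the functions can also be sourced.
if [ "${RUN_CHECK:-0}" = "1" ]; then
    check_all
fi
```

A slapd process started before the update keeps running the old code until the service is restarted.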

Upstream details at: