OracleVM 3.3 : openldap (OVMSA-2015-0123)

The remote OracleVM system is missing necessary patches to address critical security updates : - CVE-2015-6908 openldap: bergetnext denial of service vulnerability 1263171 - fix: nslcd segfaults due to incorrect mutex initialization 1144294 - fix: Updating openldap deletes database if slapd.conf ...

CVE-2011-0438

nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication...