Advisories » MGASA-2014-0062

Updated openldap packages fix security vulnerability

Publication date: 12 Feb 2014
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4449

Description

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request (CVE-2013-4449).
                

References

• http://www.openldap.org/its/index.cgi/Incoming?id=7723
• https://rhn.redhat.com/errata/RHSA-2014-0126.html
• https://bugs.mageia.org/show_bug.cgi?id=12586
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449

SRPMS

3/core

• openldap-2.4.33-7.1.mga3

4/core

• openldap-2.4.38-1.1.mga4