Updated openldap packages fix security vulnerability
Publication date: 12 Feb 2014Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4449
Description
A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request (CVE-2013-4449).
References
SRPMS
4/core
- openldap-2.4.38-1.1.mga4
3/core
- openldap-2.4.33-7.1.mga3