Advisories ยป MGASA-2014-0062

Updated openldap packages fix security vulnerability

Publication date: 12 Feb 2014
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-4449

Description

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request (CVE-2013-4449).
                

References

SRPMS

4/core

3/core