Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.
A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request. (CVE-2013-4449)
Red Hat would like to thank Michael Vishchers from Seven Principles AG for
reporting this issue.
All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.