Joined: 12 May 2004
|Posted: Mon Jun 30, 2014 9:26 pm Post subject: [ GLSA 201406-36 ] OpenLDAP: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: OpenLDAP: Multiple vulnerabilities (GLSA 201406-36)
Date: June 30, 2014
Bug(s): #290345, #323777, #355333, #388605, #407941, #424167
Multiple vulnerabilities were found in OpenLDAP, allowing for
Denial of Service or a man-in-the-middle attack.
OpenLDAP is an LDAP suite of application and development tools.
Vulnerable: < 2.4.35
Unaffected: >= 2.4.35
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in OpenLDAP. Please review
the CVE identifiers referenced below for details.
A remote attacker might employ a specially crafted certificate to
conduct man-in-the-middle attacks on SSL connections made using OpenLDAP,
bypass security restrictions or cause a Denial of Service condition.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum