OpenLDAP: Multiple vulnerabilities — GLSA 201406-36

Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack.

Affected packages

net-nds/openldap on all architectures
Affected versions < 2.4.35
Unaffected versions >= 2.4.35

Background

OpenLDAP is an LDAP suite of application and development tools.

Description

Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All OpenLDAP users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"
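Before or after running the commands above, an administrator may want to confirm which side of the 2.4.35 boundary the installed package sits on. The following script is an added example, not part of the GLSA or of OpenLDAP; the only value taken from the advisory is the 2.4.35 threshold, while the function names and the /var/db/pkg lookup are assumptions about a typical Gentoo host.

```sh
#!/bin/sh
# Added example, not part of the GLSA: decide whether an installed
# net-nds/openldap version falls in the affected range (< 2.4.35).
# Function names and the Portage VDB path below are assumptions.
FIXED_VERSION="2.4.35"

# Compare two dotted versions numerically, component by component.
# Prints -1, 0 or 1 for a<b, a=b, a>b. A Gentoo "-rN" ebuild revision is
# dropped first because the advisory states its bounds without one.
version_cmp() {
    a=${1%%-r*}; b=${2%%-r*}
    printf '%s %s\n' "$a" "$b" | awk '{
        na = split($1, x, ".")
        nb = split($2, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) { print "-1"; exit }
            if (xi > yi) { print "1"; exit }
        }
        print "0"
    }'
}

# True (exit 0) when VERSION is below the first unaffected version.
openldap_affected() {
    [ "$(version_cmp "$1" "$FIXED_VERSION")" = "-1" ]
}

# Read the installed version from Portage's VDB (assumed layout:
# /var/db/pkg/net-nds/openldap-<version>/). Fails if not installed.
installed_openldap_version() {
    for d in /var/db/pkg/net-nds/openldap-*; do
        [ -d "$d" ] || continue
        printf '%s\n' "${d##*/openldap-}"
        return 0
    done
    return 1
}

# Usage: report on the local host; silent when OpenLDAP is not installed.
if v=$(installed_openldap_version); then
    if openldap_affected "$v"; then
        echo "net-nds/openldap-$v is affected; upgrade to >= $FIXED_VERSION"
    else
        echo "net-nds/openldap-$v is not affected by GLSA 201406-36"
    fi
fi
```

The comparison only understands plain dotted versions with an optional -rN suffix; Gentoo pre-release markers such as _rc are not modelled.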
 

References

Release date
June 30, 2014

Latest revision
June 30, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries