OpenLDAP: Multiple vulnerabilities
Gentoo Linux Security Advisory
GLSA 201406-36 / OpenLDAP
June 30, 2014
June 30, 2014: 1
All supported architectures
#290345, #323777, #355333, #388605, #407941, #424167
Multiple vulnerabilities were found in OpenLDAP, allowing for
Denial of Service or a man-in-the-middle attack.
OpenLDAP is an LDAP suite of application and development tools.
Multiple vulnerabilities have been discovered in OpenLDAP. Please review
the CVE identifiers referenced below for details.
A remote attacker might employ a specially crafted certificate to
conduct man-in-the-middle attacks on SSL connections made using OpenLDAP,
bypass security restrictions or cause a Denial of Service condition.
There is no known workaround at this time.
All OpenLDAP users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35"
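
A check to run before and after the upgrade, as an added example that is not part of the advisory: it reads Portage's installed-package database and flags any net-nds/openldap older than the 2.4.35 named in the upgrade command. Treating every version below that atom as affected is an assumption drawn from the Resolution text; the function names and the `--scan` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the GLSA.
FIXED="2.4.35"                  # from the advisory's ">=net-nds/openldap-2.4.35"
PKGDB="${PKGDB:-/var/db/pkg}"   # Portage's installed-package database

# Return 0 if Gentoo version $1 is older than $FIXED (assumed affected), else 1.
is_affected() {
    ver=${1%-r[0-9]*}           # drop the ebuild revision (-rN)
    base=${ver%%_*}             # numeric part before any _suffix
    if [ "$base" = "$FIXED" ]; then
        # Same base version: pre-release suffixes sort before the release.
        case $ver in
            *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;;
            *) return 1 ;;
        esac
    fi
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# Report every installed net-nds/openldap version.
# Returns 0 if none is affected, 1 if any is, 2 if the package is absent.
check_installed() {
    found=0; bad=0
    for dir in "$PKGDB"/net-nds/openldap-[0-9]*; do
        [ -d "$dir" ] || continue          # unmatched glob stays literal
        found=1
        v=${dir##*/openldap-}
        if is_affected "$v"; then
            echo "net-nds/openldap-$v: AFFECTED, upgrade to >=$FIXED"
            bad=1
        else
            echo "net-nds/openldap-$v: ok"
        fi
    done
    [ "$found" -eq 1 ] || { echo "net-nds/openldap not installed"; return 2; }
    return "$bad"
}

# Scan the local system only when asked to.
if [ "${1:-}" = "--scan" ]; then check_installed; fi
```

Run with `--scan` on the host; the exit status is suitable for a cron job or configuration-management check. The comparison relies on `sort -V` from GNU coreutils.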