Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5707 to the following vulnerability:
OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (slapd crash) via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double-free, but the reports are inconsistent.
References:
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5119
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
http://www.openldap.org/lists/openldap-announce/200710/msg00001.html
http://www.securityfocus.com/bid/26245
http://www.frsirt.com/english/advisories/2007/3645
http://secunia.com/advisories/27424
Upstream patch: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modify.c.diff?r1=1.296&r2=1.297&f=h
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with
    su -c 'yum --enablerepo=updates-testing update openldap'
openldap-2.3.39-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with
    su -c 'yum --enablerepo=updates-testing update openldap'
openldap-2.3.34-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Fixed in all affected products:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2007-1037.html
http://rhn.redhat.com/errata/RHSA-2007-1038.html
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-3124
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-2796