The LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:0394 https://rhn.redhat.com/errata/RHSA-2009-0394.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1038 https://rhn.redhat.com/errata/RHSA-2009-1038.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1198 https://rhn.redhat.com/errata/RHSA-2009-1198.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.1 Via RHSA-2009:1662 https://rhn.redhat.com/errata/RHSA-2009-1662.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.3 Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html