[SECURITY] Fedora 19 Update: openldap-2.4.39-2.fc19

Tue Mar 11 04:01:35 UTC 2014

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-2967
2014-02-22 16:34:58
--------------------------------------------------------------------------------

Name        : openldap
Product     : Fedora 19
Version     : 2.4.39
Release     : 2.fc19
URL         : http://www.openldap.org/
Summary     : LDAP support libraries
Description :
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools. LDAP is a set of
protocols for accessing directory services (usually phone book style
information, but other information is possible) over the Internet,
similar to the way DNS (Domain Name System) information is propagated
over the Internet. The openldap package contains configuration files,
libraries, and documentation for OpenLDAP.

--------------------------------------------------------------------------------
Update Information:

CVE-2013-4449: segfault on certain queries with rwm overlay (#1060851)
Update to 2.4.39 (#1067818)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb  4 2014 Jan Synáček <jsynacek at redhat.com> - 2.4.39-2
- CVE-2013-4449: segfault on certain queries with rwm overlay (#1060851)
* Wed Jan 29 2014 Jan Synáček <jsynacek at redhat.com> - 2.4.39-1
- new upstream release (#1059186)
* Mon Nov 18 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.38-1
- new upstream release (#1031608)
* Mon Nov 11 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.37-2
- fix: slaptest incorrectly handles 'include' directives containing a custom file (#1028935)
* Wed Oct 30 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.37-1
- new upstream release (#1023916)
- fix: missing a linefeed at the end of file /etc/openldap/ldap.conf (#1019836)
* Mon Oct 21 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.36-4
- fix: slapd daemon fails to start with segmentation fault on s390x (#1020661)
* Tue Oct 15 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.36-3
- rebuilt for libdb-5.3.28
* Mon Oct 14 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.36-2
- fix: CLDAP is broken for IPv6 (#1018688)
* Wed Sep  4 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.36-2
- fix: typos in manpages
* Tue Aug 20 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.36-1
- new upstream release
  + compile-in mdb backend
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.35-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 2.4.35-6
- Perl 5.18 rebuild
* Fri Jun 14 2013 Jan Synáček <jsynacek at redhat.com> - 2.4.35-5
- fix: using slaptest to convert slapd.conf to LDIF format ignores "loglevel 0"
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1060851 - CVE-2013-4449 openldap: segfault on certain queries with rwm overlay [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1060851
  [ 2 ] Bug #1067818 - Update openldap to 2.4.39
        https://bugzilla.redhat.com/show_bug.cgi?id=1067818
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openldap' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------