OpenLDAP: Multiple vulnerabilities Multiple vulnerabilities were found in OpenLDAP, allowing for Denial of Service or a man-in-the-middle attack. OpenLDAP June 30, 2014 June 30, 2014: 1 290345 323777 355333 388605 407941 424167 remote 2.4.35 2.4.35

OpenLDAP is an LDAP suite of application and development tools.

Multiple vulnerabilities have been discovered in OpenLDAP. Please review the CVE identifiers referenced below for details.

A remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections made using OpenLDAP, bypass security restrictions or cause a Denial of Service condition.

There is no known workaround at this time.

All OpenLDAP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-nds/openldap-2.4.35" CVE-2009-3767 CVE-2010-0211 CVE-2010-0212 CVE-2011-1024 CVE-2011-1025 CVE-2011-1081 CVE-2011-4079 CVE-2012-1164 CVE-2012-2668 keytoaster craig