--On Thursday, February 21, 2008 12:27 PM -0600 Brad Knowles <[EMAIL PROTECTED]> wrote:

Hans Moser wrote:

I have a 4 cpu machine with SLES 9 and OpenLDAP 2.3.35.

If you can, you want to upgrade your OpenLDAP version to at least 2.3.39,
otherwise if an object class is mis-spelled your LDAP server can be
crashed by a double-free bug.  This means anyone anywhere in the world
who can get a query executed on your LDAP server can cause it to crash.
You're wide open.

You may as well go to 2.3.41 if you are concerned about security issues, since anyone issuing a modrdn can crash your 2.3 server if it is less than 2.3.41. ;)

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
