Debian: DSA-3209-1 Critical: OpenLDAP Denial Of Service Issues

debian
March 30, 2015
Several weaknesses identified in OpenLDAP pose risks to Debian platforms. Update advised to ensure system integrity and protect against threats.

Summary

Multiple vulnerabilities were found in OpenLDAP, a free implementation
of the Lightweight Directory Access Protocol.

CVE-2013-4449

Michael Vishchers from Seven Principles AG discovered a denial of
service vulnerability in slapd, the directory server implementation.
When the server is configured to use the RWM overlay, an attacker
can make it crash by unbinding just after connecting, because of an
issue with reference counting.

CVE-2014-9713

The default Debian configuration of the directory database allows
every user to edit their own attributes. When LDAP directories are
used for access control, and this is done using user attributes, an
authenticated user can leverage this to gain access to unauthorized
resources.

Please note this is a Debian specific vulnerability.

The new package won't use the unsafe access control rule for new
databases, but existing configurations won't be automatically
modified. Administrators are incited to l...
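
Because existing configurations are not modified automatically, an export of the `cn=config` database can be checked for rules that let users write all of their own attributes. The following is an added example, not part of the advisory or the Debian package; it assumes the unsafe rule appears as an `olcAccess` value granting `self` write access with no `attrs=` restriction (the advisory text here does not show the rule), and the sample LDIF is constructed.

```python
import re
import shlex

# Constructed sample of a cn=config database entry (not taken from the advisory).
SAMPLE_LDIF = """\
dn: olcDatabase={1}mdb,cn=config
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous
  auth by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by
  * read
"""

WRITE_LEVELS = {"write", "manage"}


def unfold(ldif):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def risky_self_write(ldif):
    """Return olcAccess rules that give 'self' write access to all attributes."""
    findings = []
    for line in unfold(ldif):
        if not line.lower().startswith("olcaccess:"):
            continue
        # Drop the attribute name and the {n} ordering prefix.
        rule = re.sub(r"^\{\d+\}", "", line.split(":", 1)[1].strip())
        tokens = shlex.split(rule)  # keeps quoted DNs as single tokens
        by_at = [i for i, t in enumerate(tokens) if t.lower() == "by"]
        if len(tokens) < 2 or tokens[0].lower() != "to" or not by_at:
            continue
        what = tokens[1:by_at[0]]
        # A rule limited with attrs= only covers the listed attributes.
        if any(t.lower().startswith(("attrs=", "attr=")) for t in what):
            continue
        for i in by_at:
            who, access = (tokens[i + 1:i + 3] + ["", ""])[:2]
            # Accept level names and privilege forms such as "=wrscx".
            writes = access.lower() in WRITE_LEVELS or (
                access.startswith(("=", "+")) and "w" in access)
            if who.lower() == "self" and writes:
                findings.append(rule)
                break
    return findings
```

A rule reported by `risky_self_write` is a candidate for review, not proof of exposure: whether it matters depends on whether access decisions are made from user-editable attributes.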


Severity: critical

Package: openldap
CVE ID: CVE-2013-4449, CVE-2014-9713, CVE-2015-1545
