Red Hat Security Advisory 2013-1753-01 - The redhat-ds-base packages provide Red Hat Directory Server, which is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the Red Hat Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the Red Hat Directory Server could cause it to crash.
5b8559c1c646e6733875d75f877cdff2a226c1740058ecaee6c40c29d1d6dd4d
Red Hat Security Advisory 2013-1752-01 - The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash. All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.
20a8d6d2869bfb3ed8d47cd06a93bce63301dddd20e9086a8e255a4e2fe0d15c