OVAL

ELSA-2013-0590 -- Oracle nss-pam-ldapd

ID: oval:org.secpod.oval:def:1500035
Date: (C)2013-03-20   (M)2023-02-20
Class: PATCH
Family: unix




Updated nss-pam-ldapd packages that fix one security issue are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The nss-pam-ldapd packages provide the nss-pam-ldapd daemon, which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.

An array index error, leading to a stack-based buffer overflow flaw, was found in the way nss-pam-ldapd managed open file descriptors. An attacker able to make a process have a large number of open file descriptors and perform name lookups could use this flaw to cause the process to crash or, potentially, execute arbitrary code with the privileges of the user running the process.

Red Hat would like to thank Garth Mollett for reporting this issue.

All users of nss-pam-ldapd are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.

Platform:
Oracle Linux 6
Product:
nss-pam-ldapd
Reference:
ELSA-2013-0590
CVE-2013-0288
CVE    1
CVE-2013-0288
CPE    54
cpe:/a:arthurdejong:nss-pam-ldapd:0.7.10
cpe:/a:arthurdejong:nss-pam-ldapd:0.7.11
cpe:/a:arthurdejong:nss-pam-ldapd:0.7.12
cpe:/a:arthurdejong:nss-pam-ldapd:0.7.13
...

© SecPod Technologies