[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[RHSA-2007:0430-01] Low: openldap security and bug-fix update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: openldap security and bug-fix update
Advisory ID:       RHSA-2007:0430-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0430.html
Issue date:        2007-06-07
Updated on:        2007-06-11
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-4600 
- ---------------------------------------------------------------------

1. Summary:

A updated openldap packages that fix a security flaw and a memory leak bug
are now available for Red Hat Enterprise Linux 3.

This update has been rated as having low security impact by the Red Hat 
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access 
Protocol) applications, libraries and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own
distinguished name. (CVE-2006-4600)

A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An
application using this function could result in an Out Of Memory (OOM)
condition, crashing the application.

All users are advised to upgrade to this updated openldap package, 
which contains a backported fix and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174830 - ldap_start_tls_s() leaks
234222 - CVE-2006-4600 openldap improper selfwrite access

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9  openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11  openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43  openldap-devel-2.0.27-23.i386.rpm
b25d30b22f05c54f7b3a8b47bdd72c81  openldap-servers-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294  openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434  openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031  openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e  openldap-devel-2.0.27-23.ia64.rpm
f3f74213f1009bbba1ed742abeb4e516  openldap-servers-2.0.27-23.ia64.rpm

ppc:
eae9e7dbec414c10a54770a94c57d735  openldap-2.0.27-23.ppc.rpm
378cb9ba97f25107ebc060f644fadf80  openldap-2.0.27-23.ppc64.rpm
d9e0f7aeeafb14a1288a8384fd8ef9f8  openldap-clients-2.0.27-23.ppc.rpm
8b2bdb320e3bcd014213b319622548b1  openldap-debuginfo-2.0.27-23.ppc.rpm
a8f14b56b5ea45416e40b613180e38f9  openldap-debuginfo-2.0.27-23.ppc64.rpm
522fe726a5373a5c42435bff8b395609  openldap-devel-2.0.27-23.ppc.rpm
f89e5e5c020e6bafc5e154ab10ad9ae5  openldap-servers-2.0.27-23.ppc.rpm

s390:
68148e3af61ca4cc0267f3a6f07cc059  openldap-2.0.27-23.s390.rpm
895b116e8923751dfabc9cf41c025eb3  openldap-clients-2.0.27-23.s390.rpm
6b3e9abe28b4e3a421720d1ef674e7ef  openldap-debuginfo-2.0.27-23.s390.rpm
06f139c14fc7d9ec5f61ba84be7c2a5b  openldap-devel-2.0.27-23.s390.rpm
cde08dd02987c20e08a930aecbe0d194  openldap-servers-2.0.27-23.s390.rpm

s390x:
68148e3af61ca4cc0267f3a6f07cc059  openldap-2.0.27-23.s390.rpm
2d97098935b12bc7a7155934bb8d849f  openldap-2.0.27-23.s390x.rpm
1c36f1d2341ce25813f1b4e47b4df10c  openldap-clients-2.0.27-23.s390x.rpm
6b3e9abe28b4e3a421720d1ef674e7ef  openldap-debuginfo-2.0.27-23.s390.rpm
10cb268523d05fb561a0a5d5fbb7db0d  openldap-debuginfo-2.0.27-23.s390x.rpm
f35adeafb6acb5d00e3082f68744f55b  openldap-devel-2.0.27-23.s390x.rpm
4c0f4dcab4a8eec4bbbde1b8c43e9c34  openldap-servers-2.0.27-23.s390x.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85  openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95  openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8  openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc  openldap-devel-2.0.27-23.x86_64.rpm
2d067b74d6f3f5958bab9ff858fdebdb  openldap-servers-2.0.27-23.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9  openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11  openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43  openldap-devel-2.0.27-23.i386.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85  openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95  openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8  openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc  openldap-devel-2.0.27-23.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9  openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11  openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43  openldap-devel-2.0.27-23.i386.rpm
b25d30b22f05c54f7b3a8b47bdd72c81  openldap-servers-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294  openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434  openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031  openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e  openldap-devel-2.0.27-23.ia64.rpm
f3f74213f1009bbba1ed742abeb4e516  openldap-servers-2.0.27-23.ia64.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85  openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95  openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8  openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc  openldap-devel-2.0.27-23.x86_64.rpm
2d067b74d6f3f5958bab9ff858fdebdb  openldap-servers-2.0.27-23.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9  openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11  openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43  openldap-devel-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294  openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434  openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031  openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e  openldap-devel-2.0.27-23.ia64.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775  openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85  openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95  openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713  openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8  openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc  openldap-devel-2.0.27-23.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert redhat com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGbYwRXlSAg2UNWIIRAuUOAJ9gYpFb+pVCsagXtVpXWzPvnmONCgCguJqO
A5R0q3twAA5FfTou9vV5sw0=
=lpJ2
-----END PGP SIGNATURE-----




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]