Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in openldap
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in openldap
ID: MDVSA-2008:058
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1, Mandriva 2008.0
Datum: Mi, 5. März 2008, 20:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
Applikationen: OpenLDAP

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1204745754-11275-766


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:058
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openldap
 Date    : March 5, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior
 to 2.3.39 when running as a proxy-caching server.  It would allocate
 memory using a malloc variant rather than calloc, which prevented
 an array from being properly initialized and could possibly allow
 attackers to cause a denial of service (CVE-2007-5708).
 
 Two vulnerabilities were found in how slapd handled modify (prior
 to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control
 on objects stored in the BDB backend.  An authenticated user with
 permission to perform modify (CVE-2007-6698) or modrdn (CVE-2008-0658)
 operations could cause slapd to crash.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 d4427f6f960dceb0a54887395688b02d 
 2007.0/i586/libldap2.3_0-2.3.27-2.2mdv2007.0.i586.rpm
 fb96499f3a33a20274b95ae1fe986938 
 2007.0/i586/libldap2.3_0-devel-2.3.27-2.2mdv2007.0.i586.rpm
 0fe0f9a22d5a3d2b8d07170f7e02c360 
 2007.0/i586/libldap2.3_0-static-devel-2.3.27-2.2mdv2007.0.i586.rpm
 248f3a65f570e22b7d1ec67e95a0249e 
 2007.0/i586/openldap-2.3.27-2.2mdv2007.0.i586.rpm
 0ecb5d940de1ec31b1191110d3b40e4e 
 2007.0/i586/openldap-clients-2.3.27-2.2mdv2007.0.i586.rpm
 43170f54bac53b30c6129b07253ab7f6 
 2007.0/i586/openldap-doc-2.3.27-2.2mdv2007.0.i586.rpm
 16a103849faddc8b9e300bd7738b5bde 
 2007.0/i586/openldap-servers-2.3.27-2.2mdv2007.0.i586.rpm 
 53476478b042cbbbb2e59edf5a2ff330 
 2007.0/SRPMS/openldap-2.3.27-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 eb36e1526f2b3a3a03271edf66d2cca4 
 2007.0/x86_64/lib64ldap2.3_0-2.3.27-2.2mdv2007.0.x86_64.rpm
 6b37c2ee41eb94cb65ec40d551538022 
 2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-2.2mdv2007.0.x86_64.rpm
 6f009e31ac35621ffa9247501d583ed1 
 2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-2.2mdv2007.0.x86_64.rpm
 445fb7aeb7818f0358659c91fb8ada70 
 2007.0/x86_64/openldap-2.3.27-2.2mdv2007.0.x86_64.rpm
 3cc4725e66a377e07e908f48ee149acb 
 2007.0/x86_64/openldap-clients-2.3.27-2.2mdv2007.0.x86_64.rpm
 c5ba86642d7c9e6f3fe51d1201f9596c 
 2007.0/x86_64/openldap-doc-2.3.27-2.2mdv2007.0.x86_64.rpm
 13f4514be8c8f989cc4a1537ec8f8177 
 2007.0/x86_64/openldap-servers-2.3.27-2.2mdv2007.0.x86_64.rpm 
 53476478b042cbbbb2e59edf5a2ff330 
 2007.0/SRPMS/openldap-2.3.27-2.2mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 7cc3081ddcfd3db452d2e90036e3a628 
 2007.1/i586/libldap2.3_0-2.3.34-5.2mdv2007.1.i586.rpm
 fbc6f5333b7ca7796d95e8a3718f164a 
 2007.1/i586/libldap2.3_0-devel-2.3.34-5.2mdv2007.1.i586.rpm
 e7d258fa40a2a5c52314c856b3bc4fc1 
 2007.1/i586/libldap2.3_0-static-devel-2.3.34-5.2mdv2007.1.i586.rpm
 589ef40a1af243f7664965fe090f7de2 
 2007.1/i586/openldap-2.3.34-5.2mdv2007.1.i586.rpm
 ce64d22f74a555746a408d86ab5c24cb 
 2007.1/i586/openldap-clients-2.3.34-5.2mdv2007.1.i586.rpm
 35e5939274493799d93f2eca1388420a 
 2007.1/i586/openldap-doc-2.3.34-5.2mdv2007.1.i586.rpm
 4dd84314508659366aaf95027f37896d 
 2007.1/i586/openldap-servers-2.3.34-5.2mdv2007.1.i586.rpm
 1117b03409884c7799a1f7fd4ac29725 
 2007.1/i586/openldap-testprogs-2.3.34-5.2mdv2007.1.i586.rpm
 67f80a1770d45f7e7e294bd8ec92846e 
 2007.1/i586/openldap-tests-2.3.34-5.2mdv2007.1.i586.rpm 
 a686ce5b015b7accd63d327a0f898d84 
 2007.1/SRPMS/openldap-2.3.34-5.2mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 d47695976ba1bb63169509da41e57e07 
 2007.1/x86_64/lib64ldap2.3_0-2.3.34-5.2mdv2007.1.x86_64.rpm
 e6223017fb3b35792e680db1203aca6c 
 2007.1/x86_64/lib64ldap2.3_0-devel-2.3.34-5.2mdv2007.1.x86_64.rpm
 320f8173708590828f70b4995d8ef2a8 
 2007.1/x86_64/lib64ldap2.3_0-static-devel-2.3.34-5.2mdv2007.1.x86_64.rpm
 3b008b7ed26ea10234a13289e84f9388 
 2007.1/x86_64/openldap-2.3.34-5.2mdv2007.1.x86_64.rpm
 c158c817b74e2c1e678e8d34fef24a0e 
 2007.1/x86_64/openldap-clients-2.3.34-5.2mdv2007.1.x86_64.rpm
 7b457f83f95361b82e3340cdbc5dcff1 
 2007.1/x86_64/openldap-doc-2.3.34-5.2mdv2007.1.x86_64.rpm
 fde2e695d34441ae77714de0fb42d1ba 
 2007.1/x86_64/openldap-servers-2.3.34-5.2mdv2007.1.x86_64.rpm
 96715702c27b99497c5ec7aa917fb586 
 2007.1/x86_64/openldap-testprogs-2.3.34-5.2mdv2007.1.x86_64.rpm
 f55189544f96a7de67af997eae52631b 
 2007.1/x86_64/openldap-tests-2.3.34-5.2mdv2007.1.x86_64.rpm 
 a686ce5b015b7accd63d327a0f898d84 
 2007.1/SRPMS/openldap-2.3.34-5.2mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 50d197a5004773e80a4fa3fbf64f683b 
 2008.0/i586/libldap2.3_0-2.3.38-3.2mdv2008.0.i586.rpm
 3fb1cbd91ce0b520f1185883ba6631e4 
 2008.0/i586/libldap2.3_0-devel-2.3.38-3.2mdv2008.0.i586.rpm
 e6afb970700d63e982fb62108a5483af 
 2008.0/i586/libldap2.3_0-static-devel-2.3.38-3.2mdv2008.0.i586.rpm
 bbdc4dc9929c911d63638833b636da11 
 2008.0/i586/openldap-2.3.38-3.2mdv2008.0.i586.rpm
 21ba24d4b6f8b09f7870e94c983e5706 
 2008.0/i586/openldap-clients-2.3.38-3.2mdv2008.0.i586.rpm
 8b12e3e7f72ca68c7839a4deccbd8781 
 2008.0/i586/openldap-doc-2.3.38-3.2mdv2008.0.i586.rpm
 04abf0a21b507a3626667f4bc7755738 
 2008.0/i586/openldap-servers-2.3.38-3.2mdv2008.0.i586.rpm
 fd6652cb4645b22b77afaa5e7d46c5b8 
 2008.0/i586/openldap-testprogs-2.3.38-3.2mdv2008.0.i586.rpm
 14690bfcbf5c3cbaf9f34e86fe812d58 
 2008.0/i586/openldap-tests-2.3.38-3.2mdv2008.0.i586.rpm 
 d04ebbb872eecb60934dbda7ad8cc310 
 2008.0/SRPMS/openldap-2.3.38-3.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 e743f1c46812c62178d82792e78580b3 
 2008.0/x86_64/lib64ldap2.3_0-2.3.38-3.2mdv2008.0.x86_64.rpm
 02a8a95838044337c7c2813b2b6158cb 
 2008.0/x86_64/lib64ldap2.3_0-devel-2.3.38-3.2mdv2008.0.x86_64.rpm
 4497a989916bda44db6bd5ce93373907 
 2008.0/x86_64/lib64ldap2.3_0-static-devel-2.3.38-3.2mdv2008.0.x86_64.rpm
 a0c92471258de04a589a651bd571ece6 
 2008.0/x86_64/openldap-2.3.38-3.2mdv2008.0.x86_64.rpm
 16268ccf7f5fbc375c4fd8313bd389de 
 2008.0/x86_64/openldap-clients-2.3.38-3.2mdv2008.0.x86_64.rpm
 72de58e66a16f68212bff5fb899cf44c 
 2008.0/x86_64/openldap-doc-2.3.38-3.2mdv2008.0.x86_64.rpm
 7510f04c21750fca734ad4bd9c0b336e 
 2008.0/x86_64/openldap-servers-2.3.38-3.2mdv2008.0.x86_64.rpm
 353a580e2280b765e99906cd598f641a 
 2008.0/x86_64/openldap-testprogs-2.3.38-3.2mdv2008.0.x86_64.rpm
 1170527a0621b41bb9257bb3e1922dc1 
 2008.0/x86_64/openldap-tests-2.3.38-3.2mdv2008.0.x86_64.rpm 
 d04ebbb872eecb60934dbda7ad8cc310 
 2008.0/SRPMS/openldap-2.3.38-3.2mdv2008.0.src.rpm

 Corporate 4.0:
 4f14a96268be28e1a5b486e153080ff8 
 corporate/4.0/i586/libldap2.3_0-2.3.27-1.4.20060mlcs4.i586.rpm
 00a834b2fa4941e2c1a4a58c6c034df6 
 corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.4.20060mlcs4.i586.rpm
 b21351bf410ad80dd2165cd680ec5512 
 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.4.20060mlcs4.i586.rpm
 f76ddc4f7daef7163d2b6ae3dc159bfa 
 corporate/4.0/i586/openldap-2.3.27-1.4.20060mlcs4.i586.rpm
 4f39a60ebc0f10b448249a6fd391881a 
 corporate/4.0/i586/openldap-clients-2.3.27-1.4.20060mlcs4.i586.rpm
 56c6a71605ef78d91f39764a6bd5805c 
 corporate/4.0/i586/openldap-doc-2.3.27-1.4.20060mlcs4.i586.rpm
 278c5076219f41b620fe4be209b560f6 
 corporate/4.0/i586/openldap-servers-2.3.27-1.4.20060mlcs4.i586.rpm 
 2ae4d3fde1ca0cdc2718edba0ed5caa7 
 corporate/4.0/SRPMS/openldap-2.3.27-1.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 001e7ac83e8b0f4bd786c7a34b18bc6f 
 corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.4.20060mlcs4.x86_64.rpm
 3a383bce15adeb349f2cbc2e2e09e617 
 corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.4.20060mlcs4.x86_64.rpm
 fb829cc7b376913774f7e17f63126ea7 
 corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.4.20060mlcs4.x86_64.rpm
 8cf4600913c6f0480dcb4a83a2caf97e 
 corporate/4.0/x86_64/openldap-2.3.27-1.4.20060mlcs4.x86_64.rpm
 ebee2e465a241aef5a6317dff68cf939 
 corporate/4.0/x86_64/openldap-clients-2.3.27-1.4.20060mlcs4.x86_64.rpm
 b27b946152945b36385ed80cfaca5960 
 corporate/4.0/x86_64/openldap-doc-2.3.27-1.4.20060mlcs4.x86_64.rpm
 e567e790d1ae957531f899cb6fc766cf 
 corporate/4.0/x86_64/openldap-servers-2.3.27-1.4.20060mlcs4.x86_64.rpm 
 2ae4d3fde1ca0cdc2718edba0ed5caa7 
 corporate/4.0/SRPMS/openldap-2.3.27-1.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD4DBQFHzsnrmqjQ0CJFipgRAjZAAKCvb4GW3/uY7uLIBuTkI5eqiVzkOACY0HKn
tOFiQm6cMHQ8KwyDVlpFDA==
=lnDg
-----END PGP SIGNATURE-----


------------=_1204745754-11275-766
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1204745754-11275-766--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung