[Security Announce] [ MDKSA-2006:208 ] - Updated openldap packages fixes Bind vulnerability
Posted on: 11/15/2006 09:55 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:208
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : November 14, 2006
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
b72665688e5e1ff9b6fe0e681af6cb05 2006.0/i586/libldap2.3_0-2.3.6-4.3.20060mdk.i586.rpm
84a2dc039815bb6d67683d4e63ca0621 2006.0/i586/libldap2.3_0-devel-2.3.6-4.3.20060mdk.i586.rpm
1fbf4c412d038ed9b8f858e33a35ead5 2006.0/i586/libldap2.3_0-static-devel-2.3.6-4.3.20060mdk.i586.rpm
7bcd4adfab46638fb4dad1e348bc59bf 2006.0/i586/openldap-2.3.6-4.3.20060mdk.i586.rpm
639fa71315c66e551ac238c9f3de2bd4 2006.0/i586/openldap-clients-2.3.6-4.3.20060mdk.i586.rpm
852dd34144c00b4133ec682ec51bc9e6 2006.0/i586/openldap-doc-2.3.6-4.3.20060mdk.i586.rpm
6dfb754e096a7b5938abdc2e9075f1db 2006.0/i586/openldap-servers-2.3.6-4.3.20060mdk.i586.rpm
33c1cbabec53f8a4ae97814ee00ede84 2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
6d18e8fcd352be094574246da2a79c42 2006.0/x86_64/lib64ldap2.3_0-2.3.6-4.3.20060mdk.x86_64.rpm
b27b5f57402c4a3f962804f1b704f1a2 2006.0/x86_64/lib64ldap2.3_0-devel-2.3.6-4.3.20060mdk.x86_64.rpm
c637b0949ac7724b60bac03f00844ecd 2006.0/x86_64/lib64ldap2.3_0-static-devel-2.3.6-4.3.20060mdk.x86_64.rpm
e04a970029040bc722942d6a04db4710 2006.0/x86_64/openldap-2.3.6-4.3.20060mdk.x86_64.rpm
246c24e419b857592a719e6d02f4d1d9 2006.0/x86_64/openldap-clients-2.3.6-4.3.20060mdk.x86_64.rpm
97c6bfac30389a0b3a64c7d7783a3e9a 2006.0/x86_64/openldap-doc-2.3.6-4.3.20060mdk.x86_64.rpm
31dcb6111bcb5204d47f86bf210daa27 2006.0/x86_64/openldap-servers-2.3.6-4.3.20060mdk.x86_64.rpm
33c1cbabec53f8a4ae97814ee00ede84 2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

Mandriva Linux 2007.0:
39b1958af245ecfcecf20c97ad4bc166 2007.0/i586/libldap2.3_0-2.3.27-1.1mdv2007.0.i586.rpm
c40f187a17e9cc9343072d2cb85c907c 2007.0/i586/libldap2.3_0-devel-2.3.27-1.1mdv2007.0.i586.rpm
26791df1fecb524951de012a18cd0bee 2007.0/i586/libldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.i586.rpm
89b2d92928afb2c7ecfaa0e1cb19c2fc 2007.0/i586/openldap-2.3.27-1.1mdv2007.0.i586.rpm
110928ada569de751e90b6458f15d70c 2007.0/i586/openldap-clients-2.3.27-1.1mdv2007.0.i586.rpm
02ab9fa4f2df8939006274859bad973e 2007.0/i586/openldap-doc-2.3.27-1.1mdv2007.0.i586.rpm
f1c1cdd706a0d588169f43fdf0364798 2007.0/i586/openldap-servers-2.3.27-1.1mdv2007.0.i586.rpm
f5dca5dfc0b0b9dc943eb91329d5edd4 2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
842e1009b0f1df726c6782ccc44a9f8e 2007.0/x86_64/lib64ldap2.3_0-2.3.27-1.1mdv2007.0.x86_64.rpm
14a0154ec9c9c14cff5f1071792188fa 2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
08be2ac440ca59f1d572f15479c2813a 2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
15d356bbf748f5ac65068e51aeed23f6 2007.0/x86_64/openldap-2.3.27-1.1mdv2007.0.x86_64.rpm
d90efede17b72263125047dedfcf8ede 2007.0/x86_64/openldap-clients-2.3.27-1.1mdv2007.0.x86_64.rpm
ab5d0a91199c1e3f72bccbec7de94d9c 2007.0/x86_64/openldap-doc-2.3.27-1.1mdv2007.0.x86_64.rpm
959d798ef393b2ce85aff8311390f41c 2007.0/x86_64/openldap-servers-2.3.27-1.1mdv2007.0.x86_64.rpm
f5dca5dfc0b0b9dc943eb91329d5edd4 2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

Corporate 3.0:
f3499debd45315f02d33eda18e5c86b7 corporate/3.0/i586/libldap2-2.1.25-7.3.C30mdk.i586.rpm
68ca2a014ada5bbd31214cf028b37463 corporate/3.0/i586/libldap2-devel-2.1.25-7.3.C30mdk.i586.rpm
aa5847991ac3354a5ea0a1bad87b0a67 corporate/3.0/i586/libldap2-devel-static-2.1.25-7.3.C30mdk.i586.rpm
628a3eaff7a146fb0bb1d8d90ecb42e0 corporate/3.0/i586/openldap-2.1.25-7.3.C30mdk.i586.rpm
957f7be83dbf78efd6a2d268d9141ff6 corporate/3.0/i586/openldap-back_dnssrv-2.1.25-7.3.C30mdk.i586.rpm
4ce6284c6afd75d84ea37606ae1d6e93 corporate/3.0/i586/openldap-back_ldap-2.1.25-7.3.C30mdk.i586.rpm
270c11c28dfc20c64e1533d2898d36cf corporate/3.0/i586/openldap-back_passwd-2.1.25-7.3.C30mdk.i586.rpm
5d7d58339e9201248fc010575cb31869 corporate/3.0/i586/openldap-back_sql-2.1.25-7.3.C30mdk.i586.rpm
a9abf93db02be8a440e1552f68de461f corporate/3.0/i586/openldap-clients-2.1.25-7.3.C30mdk.i586.rpm
276f933bf4b2b4ec2154c1711e390528 corporate/3.0/i586/openldap-doc-2.1.25-7.3.C30mdk.i586.rpm
e5413f3739f4f0b05d5613fcfe4ed440 corporate/3.0/i586/openldap-migration-2.1.25-7.3.C30mdk.i586.rpm
b853003aec279c201f340c2a4e522b6d corporate/3.0/i586/openldap-servers-2.1.25-7.3.C30mdk.i586.rpm
184104c031fff375d12005fac7d6352e corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
69b5e3f05a202fe319c547c376c26f43 corporate/3.0/x86_64/lib64ldap2-2.1.25-7.3.C30mdk.x86_64.rpm
86e94f0d7df100c840f8fa649f2c8f04 corporate/3.0/x86_64/lib64ldap2-devel-2.1.25-7.3.C30mdk.x86_64.rpm
ec89988f5d9f6bf013de22736735ad3a corporate/3.0/x86_64/lib64ldap2-devel-static-2.1.25-7.3.C30mdk.x86_64.rpm
12f6b3d614fde22c3d1d0458b47b2e09 corporate/3.0/x86_64/openldap-2.1.25-7.3.C30mdk.x86_64.rpm
9e70aa982d5edf76205affe8c6547c7c corporate/3.0/x86_64/openldap-back_dnssrv-2.1.25-7.3.C30mdk.x86_64.rpm
0ca56de551113c06139523c8060ee04f corporate/3.0/x86_64/openldap-back_ldap-2.1.25-7.3.C30mdk.x86_64.rpm
e120437dc64eecb38695827b659d534d corporate/3.0/x86_64/openldap-back_passwd-2.1.25-7.3.C30mdk.x86_64.rpm
c3f0c912cf165a322d1e490c02b46b7c corporate/3.0/x86_64/openldap-back_sql-2.1.25-7.3.C30mdk.x86_64.rpm
572a10324d86c9376e7b585617daeecb corporate/3.0/x86_64/openldap-clients-2.1.25-7.3.C30mdk.x86_64.rpm
0ea5646134953fa6a599ba1dc52c5c67 corporate/3.0/x86_64/openldap-doc-2.1.25-7.3.C30mdk.x86_64.rpm
12271a5c7103edc6515fc13f13ae390d corporate/3.0/x86_64/openldap-migration-2.1.25-7.3.C30mdk.x86_64.rpm
60d1bc217a56e8ed0acccf9243f77e42 corporate/3.0/x86_64/openldap-servers-2.1.25-7.3.C30mdk.x86_64.rpm
184104c031fff375d12005fac7d6352e corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

Corporate 4.0:
7a96aee0968898d0a46ac7107849ea56 corporate/4.0/i586/libldap2.3_0-2.3.27-1.1.20060mlcs4.i586.rpm
f98daa7a97e82d79fac31548c85c456b corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.1.20060mlcs4.i586.rpm
cf50b0867443ec18b5849a7bef113eb5 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.i586.rpm
614aff258fbd40b6823280a70bcfb17c corporate/4.0/i586/openldap-2.3.27-1.1.20060mlcs4.i586.rpm
7a27a65d85b8e40413c72745c8b9daff corporate/4.0/i586/openldap-clients-2.3.27-1.1.20060mlcs4.i586.rpm
aefdaa8925507142a24d1d416e71d82e corporate/4.0/i586/openldap-doc-2.3.27-1.1.20060mlcs4.i586.rpm
f24e13fcae66cd5905ac8cf0bc85a687 corporate/4.0/i586/openldap-servers-2.3.27-1.1.20060mlcs4.i586.rpm
c5d9d03480f8377b56765da2b82d7645 corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b82aaccd80eb00bce088c527d246da23 corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.1.20060mlcs4.x86_64.rpm
081db34fc9f26674c5f3e66dbf55beb7 corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
bae33dc8d695f5066afb02758d3a6ccb corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
36ba69c7f7ae3664ac5a9f1ce5d15294 corporate/4.0/x86_64/openldap-2.3.27-1.1.20060mlcs4.x86_64.rpm
5ec8ee09c948ef6e83287ca6855b730a corporate/4.0/x86_64/openldap-clients-2.3.27-1.1.20060mlcs4.x86_64.rpm
58445377fced4fe1c64b4f5e1c484eaa corporate/4.0/x86_64/openldap-doc-2.3.27-1.1.20060mlcs4.x86_64.rpm
076df2a66bbee52c444ab19f3268d5db corporate/4.0/x86_64/openldap-servers-2.3.27-1.1.20060mlcs4.x86_64.rpm
c5d9d03480f8377b56765da2b82d7645 corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWoQqmqjQ0CJFipgRAq51AKCEDMu1gc4XvH1izr47rjj+e5+4OwCfZExo
J1MXuWqzXUuZLK8czYHBx7I=
=s8yk
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006208__updated_openldap_packages_fixes_bind_vulnerability.html)