[Security Announce] [ MDKSA-2007:215 ] - Updated openldap packages fix vulnerability
Posted on: 11/09/2007 01:15 PM

The Mandriva Security Team has published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:215
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openldap
Date : November 8, 2007
Affected: 2007.0, 2007.1, 2008.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A flaw in the way OpenLDAP's slapd daemon handled malformed
objectClasses LDAP attributes was discovered. A local or remote
attacker could create an LDAP request that could cause a denial of
service by crashing slapd.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
990b5aeb43c3ea1dd23420461fe94ab7 2007.0/i586/libldap2.3_0-2.3.27-2.1mdv2007.0.i586.rpm
3e5b2fbecdfa897d3a74766a351e7286 2007.0/i586/libldap2.3_0-devel-2.3.27-2.1mdv2007.0.i586.rpm
7176847954932e5ecb4d6d18a1d9c042 2007.0/i586/libldap2.3_0-static-devel-2.3.27-2.1mdv2007.0.i586.rpm
10f8498a321119191000744b02d18887 2007.0/i586/openldap-2.3.27-2.1mdv2007.0.i586.rpm
4cfdea3452a7e090f8e66557651ff59b 2007.0/i586/openldap-clients-2.3.27-2.1mdv2007.0.i586.rpm
dfb71eaff593062b8282e38487e06aca 2007.0/i586/openldap-doc-2.3.27-2.1mdv2007.0.i586.rpm
0b588b4912175400326652048b9a36d1 2007.0/i586/openldap-servers-2.3.27-2.1mdv2007.0.i586.rpm
86b5713488b4f7e75d8b8bd7b27e196a 2007.0/SRPMS/openldap-2.3.27-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
d8a439e437a439350da6b65584caddc6 2007.0/x86_64/lib64ldap2.3_0-2.3.27-2.1mdv2007.0.x86_64.rpm
bef35c75c2b93fec631eec753b5d5077 2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-2.1mdv2007.0.x86_64.rpm
295144808211b11b2d15b95b70530c83 2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-2.1mdv2007.0.x86_64.rpm
60f883fc552b7c721c62fb4375cfa424 2007.0/x86_64/openldap-2.3.27-2.1mdv2007.0.x86_64.rpm
313cf766d90eccb323567a6b04068b5f 2007.0/x86_64/openldap-clients-2.3.27-2.1mdv2007.0.x86_64.rpm
5ef7bd9c107e123c7dca5362c79139e1 2007.0/x86_64/openldap-doc-2.3.27-2.1mdv2007.0.x86_64.rpm
d63cb5025784abfaea4a0cbd22886ae1 2007.0/x86_64/openldap-servers-2.3.27-2.1mdv2007.0.x86_64.rpm
86b5713488b4f7e75d8b8bd7b27e196a 2007.0/SRPMS/openldap-2.3.27-2.1mdv2007.0.src.rpm

Mandriva Linux 2007.1:
4eb932863d525cfe8373e7a1ff7b2f61 2007.1/i586/libldap2.3_0-2.3.34-5.1mdv2007.1.i586.rpm
729ab87fdcc53ba6b8a57f59c8ec13b6 2007.1/i586/libldap2.3_0-devel-2.3.34-5.1mdv2007.1.i586.rpm
b126cb0874c37daece7da3079204c0dd 2007.1/i586/libldap2.3_0-static-devel-2.3.34-5.1mdv2007.1.i586.rpm
d98e583a89ce91248d4f39e63f74657d 2007.1/i586/openldap-2.3.34-5.1mdv2007.1.i586.rpm
11edea4916bae05f986cdb072d869a62 2007.1/i586/openldap-clients-2.3.34-5.1mdv2007.1.i586.rpm
97117ab361fdf1a9f51261d51c58f55b 2007.1/i586/openldap-doc-2.3.34-5.1mdv2007.1.i586.rpm
04634dc3afa3c82046eb947433657da9 2007.1/i586/openldap-servers-2.3.34-5.1mdv2007.1.i586.rpm
3fb25795eccc8cb878b79e79ba7ea8c2 2007.1/i586/openldap-testprogs-2.3.34-5.1mdv2007.1.i586.rpm
698093af72677ba3128bd8e5fcfb9797 2007.1/i586/openldap-tests-2.3.34-5.1mdv2007.1.i586.rpm
731ba86f6727fba78dbdf2a2d4db94e8 2007.1/SRPMS/openldap-2.3.34-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
bd9e124e1ed617f684d7d5599309e9a3 2007.1/x86_64/lib64ldap2.3_0-2.3.34-5.1mdv2007.1.x86_64.rpm
aae65537b8b55b875bc65e16b521bd25 2007.1/x86_64/lib64ldap2.3_0-devel-2.3.34-5.1mdv2007.1.x86_64.rpm
9d648a94d5f0229a57fd5941fcc55320 2007.1/x86_64/lib64ldap2.3_0-static-devel-2.3.34-5.1mdv2007.1.x86_64.rpm
e1d8dc7ae1004ce96c6b1e0dad2a72ad 2007.1/x86_64/openldap-2.3.34-5.1mdv2007.1.x86_64.rpm
245ce697df60a8dc820c449b3e72c031 2007.1/x86_64/openldap-clients-2.3.34-5.1mdv2007.1.x86_64.rpm
b30b748d9e820be6aea2146883ef8551 2007.1/x86_64/openldap-doc-2.3.34-5.1mdv2007.1.x86_64.rpm
b678945ab5688d3361a5791ca6b3d926 2007.1/x86_64/openldap-servers-2.3.34-5.1mdv2007.1.x86_64.rpm
f5f3042e9275eadaf2a2f349085fba31 2007.1/x86_64/openldap-testprogs-2.3.34-5.1mdv2007.1.x86_64.rpm
1d06b0fe56dcaf9f55a8031c394a7eb2 2007.1/x86_64/openldap-tests-2.3.34-5.1mdv2007.1.x86_64.rpm
731ba86f6727fba78dbdf2a2d4db94e8 2007.1/SRPMS/openldap-2.3.34-5.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
e5df28e9704d3b5e115695cb7af2d18b 2008.0/i586/libldap2.3_0-2.3.38-3.1mdv2008.0.i586.rpm
62eeb6293a57adad633e2135ab8a497b 2008.0/i586/libldap2.3_0-devel-2.3.38-3.1mdv2008.0.i586.rpm
cb276f257e6ba73d1c252eb645903b40 2008.0/i586/libldap2.3_0-static-devel-2.3.38-3.1mdv2008.0.i586.rpm
4e1c9d488e0cc6779713dc09564e8bf9 2008.0/i586/openldap-2.3.38-3.1mdv2008.0.i586.rpm
be6e42008448d22bc0fe39cba2633df6 2008.0/i586/openldap-clients-2.3.38-3.1mdv2008.0.i586.rpm
7ff11984059160f386a2d237670da66b 2008.0/i586/openldap-doc-2.3.38-3.1mdv2008.0.i586.rpm
0d52a73bb95045876d9aabcf76bd44a9 2008.0/i586/openldap-servers-2.3.38-3.1mdv2008.0.i586.rpm
c1e7fb4f4671f9a2e4d31f383f75a2dc 2008.0/i586/openldap-testprogs-2.3.38-3.1mdv2008.0.i586.rpm
8ce02cb4e9948a7f238d6e1d1edea3e9 2008.0/i586/openldap-tests-2.3.38-3.1mdv2008.0.i586.rpm
3ac07bb280afa2b9f74fbbaa3f4d25dd 2008.0/SRPMS/openldap-2.3.38-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
b46e3c386708d787222626f2f5fbc5dc 2008.0/x86_64/lib64ldap2.3_0-2.3.38-3.1mdv2008.0.x86_64.rpm
b86b907bfdb5f3c0b27784c0866fa138 2008.0/x86_64/lib64ldap2.3_0-devel-2.3.38-3.1mdv2008.0.x86_64.rpm
cea3279b4b7125f91a5e7858eafb41d4 2008.0/x86_64/lib64ldap2.3_0-static-devel-2.3.38-3.1mdv2008.0.x86_64.rpm
a77426dd17937c41f5a07d798280a65d 2008.0/x86_64/openldap-2.3.38-3.1mdv2008.0.x86_64.rpm
62e1af8046e1d8c5e370e12616ca0067 2008.0/x86_64/openldap-clients-2.3.38-3.1mdv2008.0.x86_64.rpm
66925a2a912aff397f8d23e53c00d38a 2008.0/x86_64/openldap-doc-2.3.38-3.1mdv2008.0.x86_64.rpm
4ea64bf15e0f58d14685495a15d12cfe 2008.0/x86_64/openldap-servers-2.3.38-3.1mdv2008.0.x86_64.rpm
8fc77afac4f74b247e5dabcfcc5cea30 2008.0/x86_64/openldap-testprogs-2.3.38-3.1mdv2008.0.x86_64.rpm
d6a9a8b7d9cc7a950283676a8660da7d 2008.0/x86_64/openldap-tests-2.3.38-3.1mdv2008.0.x86_64.rpm
3ac07bb280afa2b9f74fbbaa3f4d25dd 2008.0/SRPMS/openldap-2.3.38-3.1mdv2008.0.src.rpm

Corporate 4.0:
cf74ff35e45729f5841351f2876bc060 corporate/4.0/i586/libldap2.3_0-2.3.27-1.3.20060mlcs4.i586.rpm
c637c2433d50e7ce06d5ce75c0e66e76 corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.3.20060mlcs4.i586.rpm
91f637ffdd60c7eaf6cac6276b6d9222 corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.3.20060mlcs4.i586.rpm
f9a692121f89f1b8cfedd09bcb2ba826 corporate/4.0/i586/openldap-2.3.27-1.3.20060mlcs4.i586.rpm
8f82f25657e30d3fe0cc2e6c43b1a554 corporate/4.0/i586/openldap-clients-2.3.27-1.3.20060mlcs4.i586.rpm
c8d6eedb16cb9bed5e5f7ec54736cac3 corporate/4.0/i586/openldap-doc-2.3.27-1.3.20060mlcs4.i586.rpm
49453a80d1a9b4daf55aaa04ed2e22e2 corporate/4.0/i586/openldap-servers-2.3.27-1.3.20060mlcs4.i586.rpm
14cf9599f47960f3e4746e9a2c3a08fa corporate/4.0/SRPMS/openldap-2.3.27-1.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b0e3d280a508277c687cc263cf4d855f corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.3.20060mlcs4.x86_64.rpm
5a8f28372fb919782b1d88873cd3df95 corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.3.20060mlcs4.x86_64.rpm
68f0b5b39cfda0c73d119ca23568f126 corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.3.20060mlcs4.x86_64.rpm
78cb5b44f186e888f16a285ea1cf2652 corporate/4.0/x86_64/openldap-2.3.27-1.3.20060mlcs4.x86_64.rpm
949ad44ec9dca6bb5674c94268375f5f corporate/4.0/x86_64/openldap-clients-2.3.27-1.3.20060mlcs4.x86_64.rpm
f30129d801f09dc718afc3adf8c0f844 corporate/4.0/x86_64/openldap-doc-2.3.27-1.3.20060mlcs4.x86_64.rpm
8ab38aeaf800a5aeb8716a6b8ad33cfa corporate/4.0/x86_64/openldap-servers-2.3.27-1.3.20060mlcs4.x86_64.rpm
14cf9599f47960f3e4746e9a2c3a08fa corporate/4.0/SRPMS/openldap-2.3.27-1.3.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHM7WmmqjQ0CJFipgRAuYPAJ9492UtedmPCvwkavEZqv1W6IiI5ACfc7JU
wHjS1019XDdoGth74aUNk4w=
=50FB
-----END PGP SIGNATURE-----
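
Added example, not part of the Mandriva advisory: when packages are downloaded by hand rather than through MandrivaUpdate or urpmi, the "md5 path" lines under "Updated Packages" can be checked against the local files. The function names and the sample files built in `demo` are constructed for illustration; the script assumes `md5sum` and `awk` are available and that the advisory has been saved as plain text.

```shell
#!/bin/sh
# Added example (not Mandriva's code): function names are hypothetical.

# Print "md5 basename" for each "<32 hex> <path>.rpm" line of advisory file $1.
advisory_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, part, "/"); print $1, part[n]
         }' "$1" | sort -u
}

# Check every *.rpm in directory $2 against advisory $1.
# Prints OK / MISMATCH / UNLISTED per file; returns 1 unless all files are OK.
check_rpms() {
    advisory=$1; dir=$2; rc=0
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue
        name=${f##*/}
        want=$(advisory_sums "$advisory" | awk -v n="$name" '$2 == n { print $1 }')
        have=$(md5sum < "$f" | awk '{ print $1 }')
        if [ -z "$want" ]; then echo "UNLISTED $name"; rc=1
        elif [ "$want" = "$have" ]; then echo "OK $name"
        else echo "MISMATCH $name"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: three fake package files and a two-line advisory excerpt.
demo() {
    d=$(mktemp -d)
    printf 'hello' > "$d/libfoo-1.0.i586.rpm"          # matches its listed md5
    printf 'changed' > "$d/libfoo-devel-1.0.i586.rpm"  # differs from listed md5
    printf 'x' > "$d/other-1.0.i586.rpm"               # not listed at all
    printf '%s\n' "Updated Packages:" \
        "5d41402abc4b2a76b9719d911017c592 2007.0/i586/libfoo-1.0.i586.rpm" \
        "d41d8cd98f00b204e9800998ecf8427e 2007.0/i586/libfoo-devel-1.0.i586.rpm" \
        > "$d/advisory.txt"
    check_rpms "$d/advisory.txt" "$d" && status=0 || status=$?
    rm -rf "$d"
    return "$status"
}
```

An MD5 match only shows that a file equals the one listed; authenticity still rests on the signatures, so check the advisory's clearsignature with `gpg --verify` and each package's own signature with `rpm --checksig`.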



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007215__updated_openldap_packages_fix_vulnerability.html)