[Security Announce] [ MDVSA-2008:144 ] - Updated openldap packages fix slapd DoS vulnerability


_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:144

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : openldap
Date : July 11, 2008
Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

_______________________________________________________________________

 

Problem Description:

A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon (CVE-2008-2952).

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952

_______________________________________________________________________

 

Updated Packages:

 


_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 
