[CLA-2001:417] Conectiva Linux Security Announcement - openldap
Date: Wed, 29 Aug 2001 15:47:55 -0300
From: [email protected]
To: [email protected], [email protected],
Subject: [CLA-2001:417] Conectiva Linux Security Announcement - openldap
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : openldap
SUMMARY : Remote DoS vulnerability in openldap
DATE : 2001-08-29 15:47:00
ID : CLA-2001:417
RELEVANT
RELEASES : 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1, 6.0, 7.0
- -------------------------------------------------------------------------
DESCRIPTION
OpenLDAP is an LDAPv2 and LDAPv3 (starting with version 2.0.x)
server.
The PROTOS[2] project conducted several protocol tests with many
different LDAP servers. It was verified[3] that OpenLDAP versions
before 1.2.11 and 2.0.8 (from the 2.0.x series) have a remote denial
of service vulnerability that allows a remote attacker to disrupt the
service.
SOLUTION
It is recommended that all OpenLDAP users upgrade their packages.
Some remarks:
- it IS necessary to manually restart the service after applying the
update. Execute "/etc/rc.d/init.d/ldap restart";
- the openldap2 package (please note the version number together with
the name) supplied for CL6.0 is experimental, openldap-1.2.x is the
recommended version for that distribution. In particular, it is not
possible to have openldap version 1.2.x and openldap2 installed at
the same time in CL6.0;
- the openldap1 package (please note the version number together with
the name) supplied for CL7.0 only has the dynamic libraries in it: no
program in CL7.0 requires this package and is is provided only for
compatibility reasons.
REFERENCES
1. http://www.cert.org/advisories/CA-2001-18.html
2. http://www.ee.oulu.fi/research/ouspg/protos/
3.
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/index.html
4. http://www.openldap.org
5. http://www.kb.cert.org/vuls/id/935800
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/openldap-1.2.12-1U41_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/openldap-devel-1.2.12-1U41_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.1/i386/openldap-1.2.12-1U41_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/openldap-1.2.12-1U42_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/openldap-devel-1.2.12-1U42_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/4.2/i386/openldap-1.2.12-1U42_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/openldap-1.2.12-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openldap-devel-1.2.12-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/openldap-1.2.12-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/openldap-1.2.12-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openldap-1.2.12-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/openldap-devel-1.2.12-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openldap-1.2.12-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap-devel-1.2.12-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap-1.2.12-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openldap2-2.0.11-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-devel-2.0.11-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-2.0.11-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-tests-2.0.11-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openldap1-1.2.12-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap1-1.2.12-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/openldap-1.2.12-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openldap-devel-1.2.12-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/openldap-1.2.12-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/openldap-1.2.12-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openldap-devel-1.2.12-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/openldap-1.2.12-1U50_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7jTja42jd0JmAcZARAl5nAKDkzNhEcUS86hU8QBobyz/XJwrj/wCgqy7B
r/mD2GHelkoL/PoTuTCV7eo=
=Hz7L
-----END PGP SIGNATURE-----