Home > Security > Advisories

Advisories

Mandriva Advisories

Package name openldap
Date August 13th, 2001
Advisory ID MDKSA-2001:069
Affected versions 7.1, 7.2, 8.0, CS1.0
Synopsis Updated openldap packages fix invalid packet handling vulnerability

Problem Description

CERT released an advisory that details a number of vulnerabilities as
found in a variety of different LDAP implementations. The results of
these tests showed one vulnerability in OpenLDAP with slapd not
handling packets with certain invalid fields. A malicious attacker
could craft such invalid packets, resulting in a denial of service
attack on the affected server.

Updated Packages

Mandrakelinux 7.1

 f85b74a6f81850178e99de059ce7ac51  7.1/RPMS/openldap-1.2.12-1.3mdk.i586.rpm
5cd4401a3ce81f7e45de3d8b80404c58  7.1/RPMS/openldap-devel-1.2.12-1.3mdk.i586.rpm
939b04ecb65daf2c5280e5a5ddc14365  7.1/SRPMS/openldap-1.2.12-1.3mdk.src.rpm

Mandrakelinux 7.2

 cd28b5c07f05e6b20533116ae3e2c29b  7.2/RPMS/openldap-1.2.12-1.2mdk.i586.rpm
7d86a8d344d46920491f811538292226  7.2/RPMS/openldap-devel-1.2.12-1.2mdk.i586.rpm
de5469cb8470152ddedbeffeb1466def  7.2/SRPMS/openldap-1.2.12-1.2mdk.src.rpm

Mandrakelinux 8.0

 eb3e60b1947fabf7d44981187c0306a4  8.0/RPMS/libldap1-1.2.12-1.1mdk.i586.rpm
629c75aa532e9730517752d2e964045f  8.0/RPMS/libldap1-devel-1.2.12-1.1mdk.i586.rpm
835611f3f7c11488037f45c3322a2fe7  8.0/RPMS/libldap2-2.0.11-6.1mdk.i586.rpm
c3cdd9533bc8fd3f1a223ae7081771e0  8.0/RPMS/libldap2-devel-2.0.11-6.1mdk.i586.rpm
d3e9a8f80f6016d64c29518c8013cb4d  8.0/RPMS/libldap2-devel-static-2.0.11-6.1mdk.i586.rpm
d4aed1a2a958f6d3448a848c69e5efba  8.0/RPMS/openldap-2.0.11-6.1mdk.i586.rpm
71bba1cc342d2f3516571a020161a847  8.0/RPMS/openldap-back_dnssrv-2.0.11-6.1mdk.i586.rpm
a1b4012315a3ce88c27c6c640dfbd77e  8.0/RPMS/openldap-back_ldap-2.0.11-6.1mdk.i586.rpm
f7c2b20461101cc5c78045bc39c52eb2  8.0/RPMS/openldap-back_passwd-2.0.11-6.1mdk.i586.rpm
3bb8dd5668e9ee025e28ad1ea4c9f622  8.0/RPMS/openldap-back_sql-2.0.11-6.1mdk.i586.rpm
d61de43692601ac183564fc4a46a21cf  8.0/RPMS/openldap-clients-2.0.11-6.1mdk.i586.rpm
a6cf2c2451d799372787bb7392065068  8.0/RPMS/openldap-guide-2.0.11-6.1mdk.i586.rpm
9b5cbeefbbf68d8f6b3143c7bc30a72c  8.0/RPMS/openldap-migration-2.0.11-6.1mdk.i586.rpm
89e6f11113a37ad0a2b11f0e2c2ea867  8.0/RPMS/openldap-servers-2.0.11-6.1mdk.i586.rpm
84ee41801fb25caa1cd4fa69cf4b7e39  8.0/RPMS/openldap1-1.2.12-1.1mdk.i586.rpm
b863f396fb81de5d2860102dd1b2a3e8  8.0/SRPMS/openldap-2.0.11-6.1mdk.src.rpm
a31898bb56c36fc726e1810985768fef  8.0/SRPMS/openldap1-1.2.12-1.1mdk.src.rpm

Corporate Server 1.0.1

 f85b74a6f81850178e99de059ce7ac51  1.0.1/RPMS/openldap-1.2.12-1.3mdk.i586.rpm
5cd4401a3ce81f7e45de3d8b80404c58  1.0.1/RPMS/openldap-devel-1.2.12-1.3mdk.i586.rpm
939b04ecb65daf2c5280e5a5ddc14365  1.0.1/SRPMS/openldap-1.2.12-1.3mdk.src.rpm

References

http://www.cert.org/advisories/CA-2001-18.html

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.