Paketname
openldap
Datum
2014-02-12
Advisory ID
MDVSA-2014:026
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

A vulnerability has been discovered and corrected in openldap:

The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not
properly count references, which allows remote attackers to cause
a denial of service (slapd crash) by unbinding immediately after a
search request, which triggers rwm_conn_destroy to free the session
context while it is being used by rwm_op_search (CVE-2013-4449).

The updated packages have been patched to correct this issue.

Aktualisierte Pakete

MES5 i586

 f6f47a0a0de36f77454b42b7d67cad11  mes5/i586/libldap2.4_2-2.4.11-3.6mdvmes5.2.i586.rpm
 6ef1ee5fae026d70c3a940b597c2899c  mes5/i586/libldap2.4_2-devel-2.4.11-3.6mdvmes5.2.i586.rpm
 cff64c1d004f5dcadf58893f54bd2b79  mes5/i586/libldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.i586.rpm
 4bc668febb73c0ce41d928f6bc66aead  mes5/i586/openldap-2.4.11-3.6mdvmes5.2.i586.rpm
 3c22bef679a50ecaf3ea705089b3b787  mes5/i586/openldap-clients-2.4.11-3.6mdvmes5.2.i586.rpm
 5bda4d05eb3c630b915aebde7c80410c  mes5/i586/openldap-doc-2.4.11-3.6mdvmes5.2.i586.rpm
 95e6338873c0b3643cf0983bcd82a933  mes5/i586/openldap-servers-2.4.11-3.6mdvmes5.2.i586.rpm
 dea70a29075de07ca438417e5b775856  mes5/i586/openldap-testprogs-2.4.11-3.6mdvmes5.2.i586.rpm
 0ad5f08372fb554fff145b9f202f8845  mes5/i586/openldap-tests-2.4.11-3.6mdvmes5.2.i586.rpm 
 8358868a61a01b5204d032d9674e5728  mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm

MBS1 x86_64

 1fbea4ddae49067310f9d52862186f12  mbs1/x86_64/lib64ldap2.4_2-2.4.33-2.1.mbs1.x86_64.rpm
 3bed34f442d7d99ca6770a0aa334bf0e  mbs1/x86_64/lib64ldap2.4_2-devel-2.4.33-2.1.mbs1.x86_64.rpm
 a10e56dc0d771e8da27059c0d84966fe  mbs1/x86_64/lib64ldap2.4_2-static-devel-2.4.33-2.1.mbs1.x86_64.rpm
 df4a9a4436890707a76fe41c16999800  mbs1/x86_64/openldap-2.4.33-2.1.mbs1.x86_64.rpm
 32fd4c412cf89d78e0887734bce10d36  mbs1/x86_64/openldap-clients-2.4.33-2.1.mbs1.x86_64.rpm
 958f98530f1119e48d8f6f224d01ca6a  mbs1/x86_64/openldap-doc-2.4.33-2.1.mbs1.x86_64.rpm
 b75dca39829dbca00adc0884e2ca6fbf  mbs1/x86_64/openldap-servers-2.4.33-2.1.mbs1.x86_64.rpm
 8c4e2d2ef7e480d05ebcf9655adf2a94  mbs1/x86_64/openldap-testprogs-2.4.33-2.1.mbs1.x86_64.rpm
 193e318abe419a0689144bf7af70ade6  mbs1/x86_64/openldap-tests-2.4.33-2.1.mbs1.x86_64.rpm 
 4ebfb4dcbb423c34c48e03e61c96507a  mbs1/SRPMS/openldap-2.4.33-2.1.mbs1.src.rpm

MES5 x86_64

 9ac984f57b49bcac9c244dcb2ea25f82  mes5/x86_64/lib64ldap2.4_2-2.4.11-3.6mdvmes5.2.x86_64.rpm
 ad204d57a8e77c683b18fb57db9df223  mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm
 0101675decfd5db7f4bcdd2e205e5533  mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.6mdvmes5.2.x86_64.rpm
 924c8eb8dce5616f72cfd1c74ec3ffc0  mes5/x86_64/openldap-2.4.11-3.6mdvmes5.2.x86_64.rpm
 b5483d5352e88095541aa4289c3f762b  mes5/x86_64/openldap-clients-2.4.11-3.6mdvmes5.2.x86_64.rpm
 b2067967b6d3b3eb1a4536b76e8b2052  mes5/x86_64/openldap-doc-2.4.11-3.6mdvmes5.2.x86_64.rpm
 6b328f09e078fbcdf8138f60eeb0c3c1  mes5/x86_64/openldap-servers-2.4.11-3.6mdvmes5.2.x86_64.rpm
 9517f66ee97e0db3099135fff5c07a19  mes5/x86_64/openldap-testprogs-2.4.11-3.6mdvmes5.2.x86_64.rpm
 70b08cd0c8d45322bba7bfbdba2cf202  mes5/x86_64/openldap-tests-2.4.11-3.6mdvmes5.2.x86_64.rpm 
 8358868a61a01b5204d032d9674e5728  mes5/SRPMS/openldap-2.4.11-3.6mdvmes5.2.src.rpm

Referenzen