MDKSA-2006:017
- Package name
- mod_auth_ldap
- Date
- 2006-01-19
- Advisory ID
- MDKSA-2006:017
- Affected versions
- CS2.1 i586 , CS2.1 x86_64
Problem description
A format string flaw was discovered in the way that auth_ldap logs
information which may allow a remote attacker to execute arbitrary code
as the apache user if auth_ldap is used for authentication.
This update provides version 1.6.1 of auth_ldap which corrects the
problem. Only Corporate Server 2.1 shipped with a supported auth_ldap
package.
Updated packages
CS2.1 i586
a579c887e48daaa8281ecdc4e1381fa0 corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.i586.rpm 3af337e3989aed18d9c6e634ecb3e47b corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm
CS2.1 x86_64
b3c27d91b6fa68e557507318c8e18f0c x86_64/corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.x86_64.rpm 3af337e3989aed18d9c6e634ecb3e47b x86_64/corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm