Package name: openldap
Date: 2006-11-21
Advisory ID: MDKSA-2006:208-1
Affected versions: CS4.0 x86_64, CS4.0 i586

Problem description

An unspecified vulnerability in OpenLDAP allows remote attackers to
cause a denial of service (daemon crash) via a certain combination of
SASL Bind requests that triggers an assertion failure in libldap.

Packages have been patched to correct this issue.

Update:

Packages for Corp4 were built from the wrong src.rpm, breaking Heimdal
Kerberos and possibly other support. Updated packages are being
provided to correct this issue.

Updated packages

CS4.0 x86_64

 e0e14d15ac3d5e3289741b7d9cdaf49b  corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.2.20060mlcs4.x86_64.rpm
 cf663a417761ba7164459eaedfd9e70e  corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.2.20060mlcs4.x86_64.rpm
 ed535216119821e63473f6f0f349ba1a  corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.2.20060mlcs4.x86_64.rpm
 153411b3f4f39e77dd7e5c37de79217b  corporate/4.0/x86_64/openldap-2.3.27-1.2.20060mlcs4.x86_64.rpm
 de2dbf35e5dd78ddcd4f9c38e3c2093a  corporate/4.0/x86_64/openldap-clients-2.3.27-1.2.20060mlcs4.x86_64.rpm
 344c24cb39357180d333da9615862c16  corporate/4.0/x86_64/openldap-doc-2.3.27-1.2.20060mlcs4.x86_64.rpm
 eb89fcde11209131b7eb0031aaabc5c2  corporate/4.0/x86_64/openldap-servers-2.3.27-1.2.20060mlcs4.x86_64.rpm 
 a743b7e2980cc647a03c0b164d919056  corporate/4.0/SRPMS/openldap-2.3.27-1.2.20060mlcs4.src.rpm

CS4.0 i586

 272efe4fb9ea4dfd82bdf9dc396544f2  corporate/4.0/i586/libldap2.3_0-2.3.27-1.2.20060mlcs4.i586.rpm
 c938570eaa2f35720e51c10f0229f046  corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.2.20060mlcs4.i586.rpm
 725ae4b4369e685db80a05a98d25ce34  corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.2.20060mlcs4.i586.rpm
 8f3ae006488a7f239c544e99cc32ff54  corporate/4.0/i586/openldap-2.3.27-1.2.20060mlcs4.i586.rpm
 aff2fcffa4e1fdf341954531273a24b5  corporate/4.0/i586/openldap-clients-2.3.27-1.2.20060mlcs4.i586.rpm
 30025ae0794372d1cf0b8f690d2437c0  corporate/4.0/i586/openldap-doc-2.3.27-1.2.20060mlcs4.i586.rpm
 2caf9b165be747d47379de69cabb6c85  corporate/4.0/i586/openldap-servers-2.3.27-1.2.20060mlcs4.i586.rpm 
 a743b7e2980cc647a03c0b164d919056  corporate/4.0/SRPMS/openldap-2.3.27-1.2.20060mlcs4.src.rpm

References