MDKSA-2003:006 - Updated OpenLDAP packages fix multiple vulnerabilities

From: Mandrake Linux Security Team (security@linux-mandrake.com)
Date: Tue Jan 14 2003 - 20:23:24 PST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    ________________________________________________________________________
    
                    Mandrake Linux Security Update Advisory
    ________________________________________________________________________
    
    Package name:           openldap
    Advisory ID:            MDKSA-2003:006
    Date:                   January 14th, 2003
    
    Affected versions:      8.0, 8.1, 8.2, 9.0, Multi Network Firewall 8.2
    ________________________________________________________________________
    
    Problem Description:
    
     A review was completed by the SuSE Security Team on the OpenLDAP
     server software, and this audit revealed several buffer overflows
     and other bugs that remote attackers could exploit to gain unauthorized
     access to the system running the vulnerable OpenLDAP servers.
     Additionally, various locally exploitable bugs in the OpenLDAP v2
     libraries have been fixed as well.
    ________________________________________________________________________
    
    References:
      
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1378
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1379
      http://www.suse.de/security/2002_047_openldap2.html
    ________________________________________________________________________
    
    Updated Packages:
      
     Mandrake Linux 8.0:
     5afe60e1700e1209e32d8bed224863e4  8.0/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm
     4e5c75fa2214a8a066dfc53ae8b78b57  8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm
     b5bdaa88b744bb8ad30bde085aee3c04  8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm
     e8abf7a43e55e890c74725e1a2363a05  8.0/RPMS/openldap-2.0.21-2.1mdk.i586.rpm
     6f02ab31e914abddb79d922b1fc6af9f  8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm
     f344a0231aa1e625bb5dbac635084ee2  8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm
     822efcb9ca3aaa9a81abefa998b46368  8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm
     c9c85e5c2ce24aa6603028a680db4678  8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm
     cd350bdf342d6a871d3d6eb7e33b482f  8.0/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm
     f88a18eff09569b015aa84e352de962a  8.0/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm
     06830089ecc38489e966c93af97fc681  8.0/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm
     986d7fa3dc5a0a323715b1aa48b6db3e  8.0/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm
     8bb4dc6c88eead930521d14be4b3906d  8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm
    
     Mandrake Linux 8.0/PPC:
     6f32c6abe98e70ea939cdb3d1f4abd56  ppc/8.0/RPMS/libldap2-2.0.21-2.1mdk.ppc.rpm
     42544b3583e8359e7efcd0faef719e54  ppc/8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.ppc.rpm
     93ee41063959a438738233cff1d64c77  ppc/8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ppc.rpm
     921b1f2a0e980963c4190e999c691cf8  ppc/8.0/RPMS/openldap-2.0.21-2.1mdk.ppc.rpm
     0b3ba91f10d03f4fd67537ea4f6a4122  ppc/8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ppc.rpm
     b0cce34d7d6d6121460e91185067e513  ppc/8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ppc.rpm
     3d6ac2eac61b8db582d9621720b35331  ppc/8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ppc.rpm
     6dd2f9c840a416990a06e20a3cd4cd14  ppc/8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.ppc.rpm
     a549aba7d1783e495ff20f124a2d53b9  ppc/8.0/RPMS/openldap-clients-2.0.21-2.1mdk.ppc.rpm
     7deebb377f822e1a8e738859b8ef8375  ppc/8.0/RPMS/openldap-guide-2.0.21-2.1mdk.ppc.rpm
     d79018502156840b5d39138b0c589017  ppc/8.0/RPMS/openldap-migration-2.0.21-2.1mdk.ppc.rpm
     d774d8251c11f0f9c003888582e13161  ppc/8.0/RPMS/openldap-servers-2.0.21-2.1mdk.ppc.rpm
     8bb4dc6c88eead930521d14be4b3906d  ppc/8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm
    
     Mandrake Linux 8.1:
     88ed5d7efba069cc5f7fff8fe1a1d70f  8.1/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm
     ef00527ba370cfbcbc2299b5f5e3c694  8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm
     8c147e051cd59fbf4a286ae30b07a484  8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm
     6a49f4e20130eece4051a772b326b0f0  8.1/RPMS/openldap-2.0.21-2.1mdk.i586.rpm
     aee683dd03edac81dd1d33b9d87dc4db  8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm
     e5336706a244dd7fcbee9b4ae6e32cb9  8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm
     0414e70f89240eebbf6db4c2aadbe87d  8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm
     5e2f0838ff31d68c95d1032cf9be614c  8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm
     80d1e74559067e98d4c87c562d045721  8.1/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm
     f373450e50c5e358147e2ffb913ddab9  8.1/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm
     f67d42772bf626d084f82a508f58c151  8.1/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm
     f1c980c3eaeb7d1c1fd82c40187da0b3  8.1/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm
     8bb4dc6c88eead930521d14be4b3906d  8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm
    
     Mandrake Linux 8.1/IA64:
     9a15fc789e95f599650378c4f7569102  ia64/8.1/RPMS/libldap2-2.0.21-2.1mdk.ia64.rpm
     6825f6641c8b644ec109b84773abfa2f  ia64/8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.ia64.rpm
     5f45b313da9cbef648cb2ba22c5dbc75  ia64/8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ia64.rpm
     8121f18a96d61e40fd269b15f1598817  ia64/8.1/RPMS/openldap-2.0.21-2.1mdk.ia64.rpm
     6f07765568c1826769c79b9c128ff579  ia64/8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ia64.rpm
     fae7c6114ddfc92f8b1e849a1fc0dcbb  ia64/8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ia64.rpm
     45898d8ac770b6df04f33f31805c0fcb  ia64/8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ia64.rpm
     5f982ce814c204d8c5f5b41624902dd9  ia64/8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.ia64.rpm
     1a954fe55feaf4422b18cd9fa13cd802  ia64/8.1/RPMS/openldap-clients-2.0.21-2.1mdk.ia64.rpm
     4292274f3cb402346b7e301e70e0c591  ia64/8.1/RPMS/openldap-guide-2.0.21-2.1mdk.ia64.rpm
     df6915efe3b96e4f6babd75d55a2f637  ia64/8.1/RPMS/openldap-migration-2.0.21-2.1mdk.ia64.rpm
     7ba11f118d4dd67809ad2a99d0fb36e0  ia64/8.1/RPMS/openldap-servers-2.0.21-2.1mdk.ia64.rpm
     8bb4dc6c88eead930521d14be4b3906d  ia64/8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm
    
     Mandrake Linux 8.2:
     31dd7498be75a0c20989d6edbff69769  8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm
     98f9121b63e9d91ac801eb91562e6ed3  8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.i586.rpm
     101a99eca850c12f875f7d7a0fd0481a  8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.i586.rpm
     32269987f55e49fff5ae729b595314e9  8.2/RPMS/openldap-2.0.21-4.1mdk.i586.rpm
     9871abad0f376979b30cae96139378f7  8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.i586.rpm
     85a08af9ed8f15f7e8a84445af71bd5a  8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.i586.rpm
     a73664f25aad73f4e43cbe1cebc6966c  8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.i586.rpm
     3d4e28cd285ba83a9c808bf1dfdd1fc4  8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.i586.rpm
     16bc47eeb22672ef457087edd7a4e46b  8.2/RPMS/openldap-clients-2.0.21-4.1mdk.i586.rpm
     db5d460fa1bc21821ef3d2dc2f72e692  8.2/RPMS/openldap-guide-2.0.21-4.1mdk.i586.rpm
     b9b66439e8a8b4208a07591ed66b5dbb  8.2/RPMS/openldap-migration-2.0.21-4.1mdk.i586.rpm
     639be00a1a3c9e56759e5ba29f61d1f8  8.2/RPMS/openldap-servers-2.0.21-4.1mdk.i586.rpm
     cb89f972abd81097100bc05e7cd41fcb  8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm
    
     Mandrake Linux 8.2/PPC:
     d4320e60ca3db0054e4a6d478ec42d50  ppc/8.2/RPMS/libldap2-2.0.21-4.1mdk.ppc.rpm
     ee569f5f8b345b4af00cb3a2b82d38ce  ppc/8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.ppc.rpm
     9e6fb85573ab4361147fbff6958c9f1a  ppc/8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.ppc.rpm
     ad73f95dc5022b12f41160934c27c36b  ppc/8.2/RPMS/openldap-2.0.21-4.1mdk.ppc.rpm
     2fee29a243ff1024fedd011c6b885c34  ppc/8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.ppc.rpm
     de61155cf89941ac0a82fe4b2d7e629b  ppc/8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.ppc.rpm
     2104d2776764d9a29a17da37d57f2911  ppc/8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.ppc.rpm
     65040221b19ad9f5ec586f56b3bad493  ppc/8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.ppc.rpm
     755c51173127dc685cb75cf9a0f91cfe  ppc/8.2/RPMS/openldap-clients-2.0.21-4.1mdk.ppc.rpm
     71284648ef634f3e39109957245748fc  ppc/8.2/RPMS/openldap-guide-2.0.21-4.1mdk.ppc.rpm
     71d6408a3f2604c8836a9fe647057b60  ppc/8.2/RPMS/openldap-migration-2.0.21-4.1mdk.ppc.rpm
     b7a12cc1a6f1e0d0d66c1c9c2f53bd2a  ppc/8.2/RPMS/openldap-servers-2.0.21-4.1mdk.ppc.rpm
     cb89f972abd81097100bc05e7cd41fcb  ppc/8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm
    
     Mandrake Linux 9.0:
     102ca496ebebc6c97ba8d3a69e00b9d5  9.0/RPMS/libldap2-2.0.25-7.1mdk.i586.rpm
     86372052e6077d2fa6765f117b84f619  9.0/RPMS/libldap2-devel-2.0.25-7.1mdk.i586.rpm
     757534b445f2a8994bb7d598a2476290  9.0/RPMS/libldap2-devel-static-2.0.25-7.1mdk.i586.rpm
     e4d93db53f8fa193dbb7fd1b5b4754a5  9.0/RPMS/openldap-2.0.25-7.1mdk.i586.rpm
     f086b7ced2e0a82b95f4e30454eefff2  9.0/RPMS/openldap-back_dnssrv-2.0.25-7.1mdk.i586.rpm
     4ea977bcb5d2a81dcbc9a04d8a4e7f6a  9.0/RPMS/openldap-back_ldap-2.0.25-7.1mdk.i586.rpm
     13849054f7b81ba72ce43bae49873df1  9.0/RPMS/openldap-back_passwd-2.0.25-7.1mdk.i586.rpm
     38cd1230470b9bc5ba2c0753e02e606a  9.0/RPMS/openldap-back_sql-2.0.25-7.1mdk.i586.rpm
     bf63a8b7dd78f47528a3a90411be4d3b  9.0/RPMS/openldap-clients-2.0.25-7.1mdk.i586.rpm
     32309fa668e037cc07dd9525e760d580  9.0/RPMS/openldap-guide-2.0.25-7.1mdk.i586.rpm
     b580692d2d45ad3132bdfce40c7774f0  9.0/RPMS/openldap-migration-2.0.25-7.1mdk.i586.rpm
     dc7bbbad1dfa8fd83b4e0cdd243f09cc  9.0/RPMS/openldap-servers-2.0.25-7.1mdk.i586.rpm
     3e2d88fee3f8f4024e833ae1897959ec  9.0/SRPMS/openldap-2.0.25-7.1mdk.src.rpm
    
     Multi Network Firewall 8.2:
     31dd7498be75a0c20989d6edbff69769  mnf8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm
     cb89f972abd81097100bc05e7cd41fcb  mnf8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm
    ________________________________________________________________________
    
    Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
    ________________________________________________________________________
    
    To upgrade automatically, use MandrakeUpdate.  The verification of md5
    checksums and GPG signatures is performed automatically for you.
    
    If you want to upgrade manually, download the updated package from one
    of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm".  A list of
    FTP mirrors can be obtained from:
    
      http://www.mandrakesecure.net/en/ftp.php
    
    Please verify the update prior to upgrading to ensure the integrity of
    the downloaded package.  You can do this with the command:
    
      rpm --checksig <filename>
    
    All packages are signed by MandrakeSoft for security.  You can obtain
    the GPG public key of the Mandrake Linux Security Team from:
    
      https://www.mandrakesecure.net/RPM-GPG-KEYS
    
    Please be aware that sometimes it takes the mirrors a few hours to
    update.
    
    You can view other update advisories for Mandrake Linux at:
    
      http://www.mandrakesecure.net/en/advisories/
    
    MandrakeSoft has several security-related mailing list services that
    anyone can subscribe to.  Information on these lists can be obtained by
    visiting:
    
      http://www.mandrakesecure.net/en/mlist.php
    
    If you want to report vulnerabilities, please contact
    
      security_linux-mandrake.com
    
    Type Bits/KeyID     Date       User ID
    pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
      <security linux-mandrake.com>
    
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)
    
    iD8DBQE+JOI8mqjQ0CJFipgRAnLcAKCCZ2Qz7uXwkowRPWAx/aLFpu3YsQCfTgja
    nuQNTH9Vr8qZ86nF8EcSgPQ=
    =Fids
    -----END PGP SIGNATURE-----
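
The manual check described in the advisory, as an added example that is not part of the original message: the same file name (for instance libldap2-2.0.21-2.1mdk.i586.rpm) is listed with different checksums under different releases, so a download has to be compared against the section for its own release. The function name `verify_advisory_md5` is hypothetical, and the sketch assumes the advisory is saved as a text file and `md5sum` is installed. An MD5 match only rules out a corrupted download; `rpm --checksig` remains the signature check.

```sh
#!/bin/sh
# Added example (not from the advisory): check downloaded RPMs against the
# MD5 list of one release section, selected by path prefix, e.g. "8.1/RPMS/".
# usage: verify_advisory_md5 ADVISORY_FILE PATH_PREFIX DOWNLOAD_DIR
# Succeeds only if at least one package was checked and none mismatched.
verify_advisory_md5() {
    advisory=$1 prefix=$2 dir=$3
    checked=0 failed=0
    # Keep "<32 hex digits> <path>" lines whose path starts with the prefix.
    # Matching at the start keeps "8.1/RPMS/" from selecting "ppc/8.1/RPMS/".
    list=$(awk -v p="$prefix" '
        length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && index($2, p) == 1 {
            print $1, $2
        }' "$advisory")
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}
        [ -f "$dir/$name" ] || continue     # not downloaded: nothing to check
        have=$(md5sum "$dir/$name" | cut -d" " -f1)
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (advisory $want, file $have)"
            failed=$((failed + 1))
        fi
    done <<EOF
$list
EOF
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Constructed demo: a stand-in file and a two-section manifest built from it.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed stand-in, not a real RPM' > "$tmp/demo-1.0-1mdk.i586.rpm"
    good=$(md5sum "$tmp/demo-1.0-1mdk.i586.rpm" | cut -d" " -f1)
    printf ' %s  8.0/RPMS/demo-1.0-1mdk.i586.rpm\n' \
        00000000000000000000000000000000 > "$tmp/advisory.txt"
    printf ' %s  8.1/RPMS/demo-1.0-1mdk.i586.rpm\n' "$good" >> "$tmp/advisory.txt"
    verify_advisory_md5 "$tmp/advisory.txt" 8.1/RPMS/ "$tmp" && echo "8.1: verified"
    verify_advisory_md5 "$tmp/advisory.txt" 8.0/RPMS/ "$tmp" || echo "8.0: rejected"
    rm -rf "$tmp"
}
demo
```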
    


