From security@linux-mandrake.com Wed Jan 15 02:20:37 2003 From: Mandrake Linux Security Team To: full-disclosure@lists.netsys.com Date: 15 Jan 2003 04:23:24 -0000 Subject: [Full-Disclosure] MDKSA-2003:006 - Updated OpenLDAP packages fix multiple vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________ Mandrake Linux Security Update Advisory ________________________________________________________________________ Package name: openldap Advisory ID: MDKSA-2003:006 Date: January 14th, 2003 Affected versions: 8.0, 8.1, 8.2, 9.0, Multi Network Firewall 8.2 ________________________________________________________________________ Problem Description: A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. ________________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1379 http://www.suse.de/security/2002_047_openldap2.html ________________________________________________________________________ Updated Packages: Mandrake Linux 8.0: 5afe60e1700e1209e32d8bed224863e4 8.0/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm 4e5c75fa2214a8a066dfc53ae8b78b57 8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm b5bdaa88b744bb8ad30bde085aee3c04 8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm e8abf7a43e55e890c74725e1a2363a05 8.0/RPMS/openldap-2.0.21-2.1mdk.i586.rpm 6f02ab31e914abddb79d922b1fc6af9f 8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm f344a0231aa1e625bb5dbac635084ee2 8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm 822efcb9ca3aaa9a81abefa998b46368 8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm c9c85e5c2ce24aa6603028a680db4678 8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm cd350bdf342d6a871d3d6eb7e33b482f 8.0/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm f88a18eff09569b015aa84e352de962a 8.0/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm 06830089ecc38489e966c93af97fc681 8.0/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm 986d7fa3dc5a0a323715b1aa48b6db3e 8.0/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm 8bb4dc6c88eead930521d14be4b3906d 8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm Mandrake Linux 8.0/PPC: 6f32c6abe98e70ea939cdb3d1f4abd56 ppc/8.0/RPMS/libldap2-2.0.21-2.1mdk.ppc.rpm 42544b3583e8359e7efcd0faef719e54 ppc/8.0/RPMS/libldap2-devel-2.0.21-2.1mdk.ppc.rpm 93ee41063959a438738233cff1d64c77 ppc/8.0/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ppc.rpm 921b1f2a0e980963c4190e999c691cf8 ppc/8.0/RPMS/openldap-2.0.21-2.1mdk.ppc.rpm 0b3ba91f10d03f4fd67537ea4f6a4122 ppc/8.0/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ppc.rpm b0cce34d7d6d6121460e91185067e513 ppc/8.0/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ppc.rpm 3d6ac2eac61b8db582d9621720b35331 ppc/8.0/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ppc.rpm 6dd2f9c840a416990a06e20a3cd4cd14 ppc/8.0/RPMS/openldap-back_sql-2.0.21-2.1mdk.ppc.rpm a549aba7d1783e495ff20f124a2d53b9 ppc/8.0/RPMS/openldap-clients-2.0.21-2.1mdk.ppc.rpm 7deebb377f822e1a8e738859b8ef8375 ppc/8.0/RPMS/openldap-guide-2.0.21-2.1mdk.ppc.rpm d79018502156840b5d39138b0c589017 ppc/8.0/RPMS/openldap-migration-2.0.21-2.1mdk.ppc.rpm d774d8251c11f0f9c003888582e13161 ppc/8.0/RPMS/openldap-servers-2.0.21-2.1mdk.ppc.rpm 8bb4dc6c88eead930521d14be4b3906d ppc/8.0/SRPMS/openldap-2.0.21-2.1mdk.src.rpm Mandrake Linux 8.1: 88ed5d7efba069cc5f7fff8fe1a1d70f 8.1/RPMS/libldap2-2.0.21-2.1mdk.i586.rpm ef00527ba370cfbcbc2299b5f5e3c694 8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.i586.rpm 8c147e051cd59fbf4a286ae30b07a484 8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.i586.rpm 6a49f4e20130eece4051a772b326b0f0 8.1/RPMS/openldap-2.0.21-2.1mdk.i586.rpm aee683dd03edac81dd1d33b9d87dc4db 8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.i586.rpm e5336706a244dd7fcbee9b4ae6e32cb9 8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.i586.rpm 0414e70f89240eebbf6db4c2aadbe87d 8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.i586.rpm 5e2f0838ff31d68c95d1032cf9be614c 8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.i586.rpm 80d1e74559067e98d4c87c562d045721 8.1/RPMS/openldap-clients-2.0.21-2.1mdk.i586.rpm f373450e50c5e358147e2ffb913ddab9 8.1/RPMS/openldap-guide-2.0.21-2.1mdk.i586.rpm f67d42772bf626d084f82a508f58c151 8.1/RPMS/openldap-migration-2.0.21-2.1mdk.i586.rpm f1c980c3eaeb7d1c1fd82c40187da0b3 8.1/RPMS/openldap-servers-2.0.21-2.1mdk.i586.rpm 8bb4dc6c88eead930521d14be4b3906d 8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm Mandrake Linux 8.1/IA64: 9a15fc789e95f599650378c4f7569102 ia64/8.1/RPMS/libldap2-2.0.21-2.1mdk.ia64.rpm 6825f6641c8b644ec109b84773abfa2f ia64/8.1/RPMS/libldap2-devel-2.0.21-2.1mdk.ia64.rpm 5f45b313da9cbef648cb2ba22c5dbc75 ia64/8.1/RPMS/libldap2-devel-static-2.0.21-2.1mdk.ia64.rpm 8121f18a96d61e40fd269b15f1598817 ia64/8.1/RPMS/openldap-2.0.21-2.1mdk.ia64.rpm 6f07765568c1826769c79b9c128ff579 ia64/8.1/RPMS/openldap-back_dnssrv-2.0.21-2.1mdk.ia64.rpm fae7c6114ddfc92f8b1e849a1fc0dcbb ia64/8.1/RPMS/openldap-back_ldap-2.0.21-2.1mdk.ia64.rpm 45898d8ac770b6df04f33f31805c0fcb ia64/8.1/RPMS/openldap-back_passwd-2.0.21-2.1mdk.ia64.rpm 5f982ce814c204d8c5f5b41624902dd9 ia64/8.1/RPMS/openldap-back_sql-2.0.21-2.1mdk.ia64.rpm 1a954fe55feaf4422b18cd9fa13cd802 ia64/8.1/RPMS/openldap-clients-2.0.21-2.1mdk.ia64.rpm 4292274f3cb402346b7e301e70e0c591 ia64/8.1/RPMS/openldap-guide-2.0.21-2.1mdk.ia64.rpm df6915efe3b96e4f6babd75d55a2f637 ia64/8.1/RPMS/openldap-migration-2.0.21-2.1mdk.ia64.rpm 7ba11f118d4dd67809ad2a99d0fb36e0 ia64/8.1/RPMS/openldap-servers-2.0.21-2.1mdk.ia64.rpm 8bb4dc6c88eead930521d14be4b3906d ia64/8.1/SRPMS/openldap-2.0.21-2.1mdk.src.rpm Mandrake Linux 8.2: 31dd7498be75a0c20989d6edbff69769 8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm 98f9121b63e9d91ac801eb91562e6ed3 8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.i586.rpm 101a99eca850c12f875f7d7a0fd0481a 8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.i586.rpm 32269987f55e49fff5ae729b595314e9 8.2/RPMS/openldap-2.0.21-4.1mdk.i586.rpm 9871abad0f376979b30cae96139378f7 8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.i586.rpm 85a08af9ed8f15f7e8a84445af71bd5a 8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.i586.rpm a73664f25aad73f4e43cbe1cebc6966c 8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.i586.rpm 3d4e28cd285ba83a9c808bf1dfdd1fc4 8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.i586.rpm 16bc47eeb22672ef457087edd7a4e46b 8.2/RPMS/openldap-clients-2.0.21-4.1mdk.i586.rpm db5d460fa1bc21821ef3d2dc2f72e692 8.2/RPMS/openldap-guide-2.0.21-4.1mdk.i586.rpm b9b66439e8a8b4208a07591ed66b5dbb 8.2/RPMS/openldap-migration-2.0.21-4.1mdk.i586.rpm 639be00a1a3c9e56759e5ba29f61d1f8 8.2/RPMS/openldap-servers-2.0.21-4.1mdk.i586.rpm cb89f972abd81097100bc05e7cd41fcb 8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm Mandrake Linux 8.2/PPC: d4320e60ca3db0054e4a6d478ec42d50 ppc/8.2/RPMS/libldap2-2.0.21-4.1mdk.ppc.rpm ee569f5f8b345b4af00cb3a2b82d38ce ppc/8.2/RPMS/libldap2-devel-2.0.21-4.1mdk.ppc.rpm 9e6fb85573ab4361147fbff6958c9f1a ppc/8.2/RPMS/libldap2-devel-static-2.0.21-4.1mdk.ppc.rpm ad73f95dc5022b12f41160934c27c36b ppc/8.2/RPMS/openldap-2.0.21-4.1mdk.ppc.rpm 2fee29a243ff1024fedd011c6b885c34 ppc/8.2/RPMS/openldap-back_dnssrv-2.0.21-4.1mdk.ppc.rpm de61155cf89941ac0a82fe4b2d7e629b ppc/8.2/RPMS/openldap-back_ldap-2.0.21-4.1mdk.ppc.rpm 2104d2776764d9a29a17da37d57f2911 ppc/8.2/RPMS/openldap-back_passwd-2.0.21-4.1mdk.ppc.rpm 65040221b19ad9f5ec586f56b3bad493 ppc/8.2/RPMS/openldap-back_sql-2.0.21-4.1mdk.ppc.rpm 755c51173127dc685cb75cf9a0f91cfe ppc/8.2/RPMS/openldap-clients-2.0.21-4.1mdk.ppc.rpm 71284648ef634f3e39109957245748fc ppc/8.2/RPMS/openldap-guide-2.0.21-4.1mdk.ppc.rpm 71d6408a3f2604c8836a9fe647057b60 ppc/8.2/RPMS/openldap-migration-2.0.21-4.1mdk.ppc.rpm b7a12cc1a6f1e0d0d66c1c9c2f53bd2a ppc/8.2/RPMS/openldap-servers-2.0.21-4.1mdk.ppc.rpm cb89f972abd81097100bc05e7cd41fcb ppc/8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm Mandrake Linux 9.0: 102ca496ebebc6c97ba8d3a69e00b9d5 9.0/RPMS/libldap2-2.0.25-7.1mdk.i586.rpm 86372052e6077d2fa6765f117b84f619 9.0/RPMS/libldap2-devel-2.0.25-7.1mdk.i586.rpm 757534b445f2a8994bb7d598a2476290 9.0/RPMS/libldap2-devel-static-2.0.25-7.1mdk.i586.rpm e4d93db53f8fa193dbb7fd1b5b4754a5 9.0/RPMS/openldap-2.0.25-7.1mdk.i586.rpm f086b7ced2e0a82b95f4e30454eefff2 9.0/RPMS/openldap-back_dnssrv-2.0.25-7.1mdk.i586.rpm 4ea977bcb5d2a81dcbc9a04d8a4e7f6a 9.0/RPMS/openldap-back_ldap-2.0.25-7.1mdk.i586.rpm 13849054f7b81ba72ce43bae49873df1 9.0/RPMS/openldap-back_passwd-2.0.25-7.1mdk.i586.rpm 38cd1230470b9bc5ba2c0753e02e606a 9.0/RPMS/openldap-back_sql-2.0.25-7.1mdk.i586.rpm bf63a8b7dd78f47528a3a90411be4d3b 9.0/RPMS/openldap-clients-2.0.25-7.1mdk.i586.rpm 32309fa668e037cc07dd9525e760d580 9.0/RPMS/openldap-guide-2.0.25-7.1mdk.i586.rpm b580692d2d45ad3132bdfce40c7774f0 9.0/RPMS/openldap-migration-2.0.25-7.1mdk.i586.rpm dc7bbbad1dfa8fd83b4e0cdd243f09cc 9.0/RPMS/openldap-servers-2.0.25-7.1mdk.i586.rpm 3e2d88fee3f8f4024e833ae1897959ec 9.0/SRPMS/openldap-2.0.25-7.1mdk.src.rpm Multi Network Firewall 8.2: 31dd7498be75a0c20989d6edbff69769 mnf8.2/RPMS/libldap2-2.0.21-4.1mdk.i586.rpm cb89f972abd81097100bc05e7cd41fcb mnf8.2/SRPMS/openldap-2.0.21-4.1mdk.src.rpm ________________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ________________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security_linux-mandrake.com Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.7 (GNU/Linux) mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPaIRgQQEQIA BgUCPI+UAwAKCRDniYrgcHcf8xK5AKCm/Mq8qP8GE0o1hEX22QsJMZwH5gCfZ72H 8TacOb3oAmBdprf+K6gkdOiIRgQQEQIABgUCOtOieAAKCRCv2bZyU0yB80MeAJ9K +jXt0cKuaUonRU+CRGetk6t9dgCfTRRL6/puOKdD6md70+K5EBBSvsG0OE1hbmRy YWtlIExpbnV4IFNlY3VyaXR5IFRlYW0gPHNlY3VyaXR5QG1hbmRyYWtlc29mdC5j b20+iFcEExECABcFAjyPnuUFCwcKAwQDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmFi+ AJsHhohgnU3ik4+gy3EdFlB2i/MBoACg6lHn5cnVvTcmgNccWxeNxLLZI5e5AQ0E OWnn7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ 9F779FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzR xBXVJb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z 269s+A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN 6SCXVl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZ jTcl3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo 0NAiRYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJ EJGXlA== =yGlX - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+JOI8mqjQ0CJFipgRAnLcAKCCZ2Qz7uXwkowRPWAx/aLFpu3YsQCfTgja nuQNTH9Vr8qZ86nF8EcSgPQ= =Fids -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html