---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-177694
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177694
2006-01-24
---------------------------------------------------------------------

Name        : auth_ldap
Versions    : rh7.3: auth_ldap-1.6.0-4.2.legacy
Summary     : This is an LDAP authentication module for Apache.
Description :
This is an authentication module for Apache that allows you to
authenticate HTTP clients using user entries in an LDAP directory.

---------------------------------------------------------------------
Update Information:

An updated auth_ldap package that fixes a format string security
issue is now available for testing for Red Hat Linux 7.3.

The auth_ldap package is an httpd module that allows user
authentication against information stored in an LDAP database.

A format string flaw was found in the way auth_ldap logs information.
It may be possible for a remote attacker to execute arbitrary code as
the 'apache' user if auth_ldap is used for user authentication. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-0150 to this issue.

Note that this issue only affects servers that have auth_ldap
installed and configured to perform user authentication against an
LDAP database.

All users of auth_ldap should upgrade to this updated package, which
contains a backported patch to resolve this issue.

This issue does not affect Red Hat Linux 9, Fedora Core 1, 2 or 3
distributions as they do not include the auth_ldap package.

---------------------------------------------------------------------
Changelogs

* Wed Jan 18 2006 David Eisenstein <deisenst at gtw.net> 1.6.0-4.2.legacy
- Add BuildRequires: apache, openldap, mm, mm-devel

* Wed Jan 18 2006 David Eisenstein <deisenst at gtw.net> 1.6.0-4.1.legacy
- Add patch (forward-ported from RHEL2.1's patch) for CVE-2006-0150,
  format string vulnerability. Bugzilla Bug #177694.

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/

(sha1sums)

38f70135bc17c313fecdb81f61e776ac032b796e
redhat/7.3/updates-testing/i386/auth_ldap-1.6.0-4.2.legacy.i386.rpm

78b7ee876d5b900ff5268b1a396a59ca9f2385f0
redhat/7.3/updates-testing/SRPMS/auth_ldap-1.6.0-4.2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
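
The class of flaw named in the advisory (a format string bug in a logging path), shown beside its corrected form. This is an added example, not auth_ldap's code and not the backported patch: log_fmt, log_user_flawed, log_user_fixed and logged_verbatim are hypothetical names, and the sample user string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper (not auth_ldap's code): formats a message
 * into buf the way a printf-style server log function would. */
static int log_fmt(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Flawed pattern: client-supplied text is used as the format string, so
 * any '%' directive in it is interpreted by the formatter. */
static void log_user_flawed(char *buf, size_t len, const char *user)
{
    log_fmt(buf, len, user);
}

/* Corrected pattern: constant format, client text passed only as data. */
static void log_user_fixed(char *buf, size_t len, const char *user)
{
    log_fmt(buf, len, "%s", user);
}

/* Returns 1 if the logged text matches the input byte for byte. */
static int logged_verbatim(void (*logger)(char *, size_t, const char *),
                           const char *user)
{
    char buf[128];
    logger(buf, sizeof buf, user);
    return strcmp(buf, user) == 0;
}

int main(void)
{
    /* Constructed input: "%%" is a directive that consumes no argument,
     * so the flawed call stays well-defined while still showing that
     * the formatter parsed the client's text. */
    const char *user = "alice%%example";
    printf("flawed logs verbatim: %d\n", logged_verbatim(log_user_flawed, user));
    printf("fixed logs verbatim:  %d\n", logged_verbatim(log_user_fixed, user));
    return 0;
}
```

Declaring such a helper with the GCC/Clang format(printf, ...) attribute and building with -Wformat -Wformat-security makes the compiler flag calls of the flawed shape.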