-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE           : openldap
SUMMARY           : Several vulnerabilities
DATE              : 2002-12-19 12:39:00
ID                : CLA-2002:556
RELEVANT RELEASES : 6.0, 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 OpenLDAP[1] is an LDAPv2 and LDAPv3 server available for several
 platforms.

 The SuSE Security Team reviewed critical parts of the OpenLDAP code
 and found several remote and local vulnerabilities, all fixed in this
 update.

 The vulnerabilities consist mainly of buffer overflows in both the
 OpenLDAP server and the libraries provided with the OpenLDAP package.
 Some of these vulnerabilities can be exploited by attackers remotely
 or locally to compromise the OpenLDAP server or applications linked
 against the vulnerable libraries.

 Conectiva Linux 6.0 users should note that the openldap2 package
 updated here was released as "experimental" in that distribution.

SOLUTION
 It is recommended that all OpenLDAP 2.x users upgrade their packages.
 If the service is already running, the upgrade will automatically
 restart it.

REFERENCES
 1. http://www.openldap.org
 2. http://www.suse.de/de/security/2002_047_openldap2.html

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-2.0.21-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-devel-2.0.21-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/openldap2-tests-2.0.21-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/openldap2-2.0.21-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-client-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-devel-static-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-doc-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/openldap-server-2.0.25-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/openldap-2.0.25-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-client-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-devel-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-devel-static-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-doc-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/openldap-server-2.0.25-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/openldap-2.0.25-1U80_3cl.src.rpm

ADDITIONAL INSTRUCTIONS
 Users of Conectiva Linux version 6.0 or higher may use apt to perform
 upgrades of RPM packages:
 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+Adst42jd0JmAcZARAqFlAKDZk2xRhkjpQixGBM3fUAc7d2Pn4gCfe9h+
UeZjQYERZq5OPNmzeKmgPBs=
=WpX4
-----END PGP SIGNATURE-----
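
Added example (not part of the Conectiva advisory): a check for whether a host still carries OpenLDAP packages older than the fixed builds listed under UPDATED PACKAGES. It assumes the installed-package list was captured with the rpm query format shown in the comment, uses a simplified form of rpm's version comparison that ignores epochs, and runs over constructed sample lines.

```python
import re

# Fixed version-release per Conectiva release and the affected package names,
# taken from the UPDATED PACKAGES list in the advisory above.
_PKGS = ["openldap", "openldap-client", "openldap-devel",
         "openldap-devel-static", "openldap-doc", "openldap-server"]
FIXED = {
    "6.0": ("2.0.21-1U60_2cl", ["openldap2", "openldap2-devel", "openldap2-tests"]),
    "7.0": ("2.0.25-1U70_3cl", _PKGS),
    "8": ("2.0.25-1U80_3cl", _PKGS),
}

def rpmvercmp(a, b):
    """Simplified rpm-style segment comparison (assumption: no epoch, no '~')."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_older(installed, fixed):
    """True if the installed 'version-release' sorts before the fixed one."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

def audit(release, rpm_lines):
    """Return (name, installed, fixed) for affected packages below the fix."""
    fixed, names = FIXED[release]
    findings = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) == 2 and parts[0] in names and is_older(parts[1], fixed):
            findings.append((parts[0], parts[1], fixed))
    return findings

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = ["openldap 2.0.25-1U80_3cl",         # already at the fixed build
          "openldap-client 2.0.25-1U80_2cl",  # same version, older release
          "openldap-server 2.0.23-4cl",       # older version
          "bash 2.05-5cl"]                    # not covered by this advisory

if __name__ == "__main__":
    for name, have, want in audit("8", SAMPLE):
        print(f"{name}: {have} is older than fixed {want}")
```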