Mandriva 1274 Published by

A pam_ldap security update has been released for Mandriva Linux 10.2

_______________________________________________________________________

Mandriva Linux Update Advisory
_______________________________________________________________________

Package name: pam_ldap
Advisory ID: MDKA-2005:032
Date: June 24th, 2005

Affected versions: 10.2
______________________________________________________________________

Problem Description:

This package fixes a bug that prevents password changes via pam_ldap from succeeding when configured to use the password type "exop" (via a "pam_password exop" entry in /etc/ldap.conf or the configuration file provided as an option in the pam configuration file) against a server which doens't allow exop password changes which include the old password (such as OpenLDAP 2.1.x).

The update applies the changes made between pam_ldap versions 174 and 175, and changes the behaviour for the "exop" password method to not send the old password. The behaviour that was exhibited by the original package may be obtained by changing the password method to "exop_send_old".



______________________________________________________________________

Updated Packages:

Mandrakelinux 10.2:
c434580c7d31b44c0e712cdf9fd6690a 10.2/RPMS/nss_ldap-220-5.1.102mdk.i586.rpm
92b0d732b5209b43cc9c088da9af21b6 10.2/RPMS/pam_ldap-170-5.1.102mdk.i586.rpm
587d1feabf37950cda4941244a7248a3 10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
4f4f259ce9be37455c446a437895279d x86_64/10.2/RPMS/nss_ldap-220-5.1.102mdk.x86_64.rpm
897aa0e1d77b673ba7d8d47c75a81224 x86_64/10.2/RPMS/pam_ldap-170-5.1.102mdk.x86_64.rpm
587d1feabf37950cda4941244a7248a3 x86_64/10.2/SRPMS/nss_ldap-220-5.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com