Red Hat 9037 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: openldap security and bug-fix update
Advisory ID: RHSA-2007:0430-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0430.html
Issue date: 2007-06-07
Updated on: 2007-06-11
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-4600
- ---------------------------------------------------------------------

1. Summary:

A updated openldap packages that fix a security flaw and a memory leak bug
are now available for Red Hat Enterprise Linux 3.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications, libraries and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own
distinguished name. (CVE-2006-4600)

A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An
application using this function could result in an Out Of Memory (OOM)
condition, crashing the application.

All users are advised to upgrade to this updated openldap package,
which contains a backported fix and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

174830 - ldap_start_tls_s() leaks
234222 - CVE-2006-4600 openldap improper selfwrite access

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm
b25d30b22f05c54f7b3a8b47bdd72c81 openldap-servers-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm
f3f74213f1009bbba1ed742abeb4e516 openldap-servers-2.0.27-23.ia64.rpm

ppc:
eae9e7dbec414c10a54770a94c57d735 openldap-2.0.27-23.ppc.rpm
378cb9ba97f25107ebc060f644fadf80 openldap-2.0.27-23.ppc64.rpm
d9e0f7aeeafb14a1288a8384fd8ef9f8 openldap-clients-2.0.27-23.ppc.rpm
8b2bdb320e3bcd014213b319622548b1 openldap-debuginfo-2.0.27-23.ppc.rpm
a8f14b56b5ea45416e40b613180e38f9 openldap-debuginfo-2.0.27-23.ppc64.rpm
522fe726a5373a5c42435bff8b395609 openldap-devel-2.0.27-23.ppc.rpm
f89e5e5c020e6bafc5e154ab10ad9ae5 openldap-servers-2.0.27-23.ppc.rpm

s390:
68148e3af61ca4cc0267f3a6f07cc059 openldap-2.0.27-23.s390.rpm
895b116e8923751dfabc9cf41c025eb3 openldap-clients-2.0.27-23.s390.rpm
6b3e9abe28b4e3a421720d1ef674e7ef openldap-debuginfo-2.0.27-23.s390.rpm
06f139c14fc7d9ec5f61ba84be7c2a5b openldap-devel-2.0.27-23.s390.rpm
cde08dd02987c20e08a930aecbe0d194 openldap-servers-2.0.27-23.s390.rpm

s390x:
68148e3af61ca4cc0267f3a6f07cc059 openldap-2.0.27-23.s390.rpm
2d97098935b12bc7a7155934bb8d849f openldap-2.0.27-23.s390x.rpm
1c36f1d2341ce25813f1b4e47b4df10c openldap-clients-2.0.27-23.s390x.rpm
6b3e9abe28b4e3a421720d1ef674e7ef openldap-debuginfo-2.0.27-23.s390.rpm
10cb268523d05fb561a0a5d5fbb7db0d openldap-debuginfo-2.0.27-23.s390x.rpm
f35adeafb6acb5d00e3082f68744f55b openldap-devel-2.0.27-23.s390x.rpm
4c0f4dcab4a8eec4bbbde1b8c43e9c34 openldap-servers-2.0.27-23.s390x.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm
2d067b74d6f3f5958bab9ff858fdebdb openldap-servers-2.0.27-23.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm
b25d30b22f05c54f7b3a8b47bdd72c81 openldap-servers-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm
f3f74213f1009bbba1ed742abeb4e516 openldap-servers-2.0.27-23.ia64.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm
2d067b74d6f3f5958bab9ff858fdebdb openldap-servers-2.0.27-23.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openldap-2.0.27-23.src.rpm
721067ddef48cd17a6bd7e0abe02f1e9 openldap-2.0.27-23.src.rpm

i386:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
9c7db12d4f759980e68c91518ac16e11 openldap-clients-2.0.27-23.i386.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
cb9621e2fcb1df0c6846b75df581dc43 openldap-devel-2.0.27-23.i386.rpm

ia64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
335726afe643e27affccda635c134294 openldap-2.0.27-23.ia64.rpm
e5182b0087ecc39c7587501f813fc434 openldap-clients-2.0.27-23.ia64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
8aba8bda246579270a49ac77f28c3031 openldap-debuginfo-2.0.27-23.ia64.rpm
b154bf80b33f1d373df7ef7e5991752e openldap-devel-2.0.27-23.ia64.rpm

x86_64:
76864d423b4f2163bb70f3e277c9c775 openldap-2.0.27-23.i386.rpm
32ad45bbb056b1a0ee0d12f723e59b85 openldap-2.0.27-23.x86_64.rpm
0eacf9f2230c97b479e5a856285a0c95 openldap-clients-2.0.27-23.x86_64.rpm
c364c24862c870a16fe1aa2f3d944713 openldap-debuginfo-2.0.27-23.i386.rpm
e8046625ff81d288a2626c68f464f5d8 openldap-debuginfo-2.0.27-23.x86_64.rpm
afed14760c05fb02c6131761899608cc openldap-devel-2.0.27-23.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4600
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGbYwRXlSAg2UNWIIRAuUOAJ9gYpFb+pVCsagXtVpXWzPvnmONCgCguJqO
A5R0q3twAA5FfTou9vV5sw0=
=lpJ2
-----END PGP SIGNATURE-----