Security Advisory Updated nss_ldap packages are now available.

Advisory: RHSA-2000:024-03
Type: Security Advisory
Severity: N/A
Issued on: 2000-10-27
Last updated on: 2001-02-25
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2000-1045

Details

Updated nss_ldap packages are now available for Red Hat Linux 6.1, 6.2, and
7.

2000-11-27: Added packages for Red Hat Linux 7 for Alpha.

A race condition has been found in the nss_ldap package. On a system
running nscd, a malicious user can cause the system to hang.


Solution

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

Updated packages

Red Hat Linux 6.2
alpha:
ftp://updates.redhat.com/6.2/alpha/nss_ldap-122-1.6.alpha.rpm
Missing file		     08d8e980347fe7d81e29e1ca27e7cb09
 
i386:
ftp://updates.redhat.com/6.2/i386/nss_ldap-122-1.6.i386.rpm
Missing file		     4d47831ae8516106392e74f5e1f2fd02
 
sparc:
ftp://updates.redhat.com/6.2/sparc/nss_ldap-122-1.6.sparc.rpm
Missing file		     f12cc2e7f9ab1c5faed9c647bfcbab03
 
Red Hat Linux 7.0
alpha:
ftp://updates.redhat.com/7.0/alpha/nss_ldap-122-1.7.alpha.rpm
Missing file		     8c47242abcd4aa16174cb41da27cdd12
 
i386:
ftp://updates.redhat.com/7.0/i386/nss_ldap-122-1.7.i386.rpm
Missing file		     95337178e79472118cf33b0584462679
 

Bugs fixed (see bugzilla for more information)

19923 - nss_ldap has a bug that can deadlock a machine


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1045
N/A

Keywords

N/A

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/