Red Hat Directory Server 7.1 security update

An updated redhat-ds package containing a number of fixes is now available
as Red Hat Directory Server 7.1 Service Pack 2.

This update has been rated as having a moderate security impact by the Red
Hat Security Response Team.

Red Hat Directory Server is an LDAPv3 compliant server.

For the latest information, refer to the release notes at the
following URL:

http://www.redhat.com/docs/manuals/dir-server

Evgeny Legerov discovered several flaws affecting Red Hat Directory Server
using the GLEG ProtoVer LDAP test suite. A remote attacker who is able to
connect to the directory server could send malicious requests which would
cause the server to crash, leading to a denial of service. (CVE-2006-0451,
CVE-2006-0452, CVE-2006-0453)

This update also addresses the following issues:

* 173687 - When the Directory Server's effective user and the real user
are different, there was a small window that creates log files owned by
the real user, which should be owned by the effective user.

* 175063 - When an ldif file contains an entry with the dn that includes
escaped double quotes, importing the entry could fail and the
entry is skipped. The following reindex fails due to the skip.

* 175897 - There was a problem in evaluating the intersection of multiple
range searches when the attribute of each range search is different from
each other.

For example:

&(attr1 <= val1)(attr2 >= val2)

This issue has been fixed.

* 185477 - In previous 7.X versions of Red Hat Directory Server, importing
a malformed parent entry and some child entries resulted in the child
entries being successfully added without a parent.

* 184585 - The server did not allow a re-bind using SASL on the same
connection, returning error 49.

* 185765 - The password sync tool leaked memory.

* 181827 - Deleting an attribute value by trimming it's value to an empty
string in Active Directory did not sync to Red Hat Directory Server. This
issue has been fixed.

* 186657 - Sustained heavy password modification load on the Active
Directory side could potentially crash passsync.exe. This issue has been
fixed.

Users are advised to upgrade to this updated package, which resolves these
issues.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

173687 - deadlock caused by error log rotation and logging
175063 - entry with escaped characters fails to import and index
175897 - filter'd search not returning matches after index added
179135 - CVE-2006-0451 memory leaks using ber_scanf when handling bad BER packets (CVE-2006-0453)
179137 - CVE-2006-0452 recursion causes OOM with bad DN in dn2ancestor
181827 - WinSync: attribute trim to 0 length not sync'd from AD to RHDS
184585 - Re-binding when using SASL is not handled correctly
185477 - ldif2db allows entries without a parent to be imported
185765 - PassSync service leaks memory
186657 - PassSync crashed after running four hours under load

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0451
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0453
http://www.redhat.com/security/updates/classification/#moderate