Security Advisory Critical: Red Hat Directory Server 7.1 Service Pack 6 security update

Advisory: RHSA-2008:0268-3
Type: Security Advisory
Severity: Critical
Issued on: 2008-05-09
Last updated on: 2008-05-09
Affected Products: Directory Server 7.1
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-1677

Details

An updated redhat-ds package that addresses a security issue is now
available as Red Hat Directory Server 7.1, Service Pack 6.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Red Hat Directory Server is an LDAPv3-compliant directory server.

A buffer overflow flaw was found in the Red Hat Directory Server 7.1
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash or possibly
execute arbitrary code. (CVE-2008-1677)

For more information about Service Pack 6, including upgrade and
installation instructions for users running Red Hat Directory Server 7.1 on
Solaris, please refer to the Red Hat Directory Server 7.1 SP6 release
notes, available at:

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP6/

All users of Red Hat Directory Server 7.1 should upgrade to Service Pack 6,
which resolves this issue.


Solution

This update is available via Red Hat Network.

Users running Red Hat Directory Server 7.1 on Red Hat Enterprise Linux
should consult the following Knowledge Base article for instruction on how
to install updated RPM packages: http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server 7.1 on Solaris should consult the
Service Pack 6 release notes (see above for URL) for installation and
upgrade instructions.

Updated packages

Directory Server 7.1
SRPMS:
redhat-ds-7.1SP6-9.RHEL3.src.rpm
File outdated by:  RHSA-2008:0596		     49033697c6de14f8a071e8a1ae8ae967
redhat-ds-7.1SP6-9.RHEL3.src.rpm
File outdated by:  RHSA-2008:0596		     49033697c6de14f8a071e8a1ae8ae967
redhat-ds-7.1SP6-9.RHEL4.src.rpm
File outdated by:  RHSA-2008:0596		     aef9dc3928f0d91dd0637183b1d28ed9
redhat-ds-7.1SP6-9.RHEL4.src.rpm
File outdated by:  RHSA-2008:0596		     aef9dc3928f0d91dd0637183b1d28ed9
 
IA-32:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
File outdated by:  RHSA-2008:0596		     4bc89c1f1773c066f8d33bc57c6b3cd6
redhat-ds-7.1SP6-9.RHEL3.i386.rpm
File outdated by:  RHSA-2008:0596		     4bc89c1f1773c066f8d33bc57c6b3cd6
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
File outdated by:  RHSA-2008:0596		     6bc5fb232f4f65c3104628b636bfa2d8
redhat-ds-7.1SP6-9.RHEL4.i386.rpm
File outdated by:  RHSA-2008:0596		     6bc5fb232f4f65c3104628b636bfa2d8
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

182621 - Allow larger regex buffer to enable long substring filters
444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1677
http://www.redhat.com/security/updates/classification/#critical

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/