Security Advisory Critical: redhat-ds-base security update

Advisory: RHSA-2008:0269-2
Type: Security Advisory
Severity: Critical
Issued on: 2008-05-09
Last updated on: 2008-05-09
Affected Products: Directory Server 8 EL4
Directory Server 8 EL5
OVAL: N/A
CVEs (cve.mitre.org): CVE-2008-1677

Details

An updated redhat-ds-base package that fixes a security issue is now
available for Red Hat Directory Server 8.0.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Red Hat Directory Server is an LDAPv3 compliant server. The redhat-ds-base
package includes the LDAP server and command line utilities for server
administration.

A buffer overflow flaw was found in the Red Hat Directory Server 8.0
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash, or,
possibly, execute arbitrary code. (CVE-2008-1677)

All users of Red Hat Directory Server should upgrade to this updated
package, which resolves this issue.


Solution

Users running Red Hat Directory Server on Red Hat Enterprise Linux:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server on Sun Solaris:

Updated Solaris packages in .pkg format are available in the Red Hat
Directory Server 8.0 Solaris channel on the Red Hat Network. These packages
should be installed or upgraded using Solaris native package management tools.

See also Red Hat Directory Server 8.0 Installation Guide for installation
instructions:
http://www.redhat.com/docs/manuals/dir-server/install/8.0/

Updated packages

Directory Server 8 EL4

SRPMS:
redhat-ds-base-8.0.3-16.el4dsrv.src.rpm     24f7891da5439f99143b811a27ff2ecd
 
IA-32:
redhat-ds-base-8.0.3-16.el4dsrv.i386.rpm     52296f1aba41a9483be3695e37e1b031
redhat-ds-base-devel-8.0.3-16.el4dsrv.i386.rpm     1543766b55f40a4ce1c0798851269564
 
x86_64:
redhat-ds-base-8.0.3-16.el4dsrv.x86_64.rpm     a2cf9fb3e10f19654cb7f903e918e650
redhat-ds-base-devel-8.0.3-16.el4dsrv.x86_64.rpm     329c8d467ebe2c9d5c753485e8ac3535
 
Directory Server 8 EL5

SRPMS:
redhat-ds-base-8.0.3-16.el5dsrv.src.rpm     e2f49891d0b013c97024e1cc5d77f10f
 
IA-32:
redhat-ds-base-8.0.3-16.el5dsrv.i386.rpm     fb756da9f623ec5272eb28402b8fc3a0
redhat-ds-base-devel-8.0.3-16.el5dsrv.i386.rpm     208bffa94d9074100e6e428dec7dea4d
 
x86_64:
redhat-ds-base-8.0.3-16.el5dsrv.x86_64.rpm     d3da25772f2e54d11d949b99a8883c37
redhat-ds-base-devel-8.0.3-16.el5dsrv.x86_64.rpm     063fd62c29253a0c991e926a8ec52388
 
(The unlinked packages above are only available from the Red Hat Network)
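The two checks an administrator actually wants after reading the Solution and Updated packages sections are "is the build on this host older than 8.0.3-16?" and "does the RPM I pulled from RHN match the MD5 listed above?". The script below is an added example, not part of the Red Hat advisory: it parses the output of `rpm -q redhat-ds-base`, compares the version-release against the fixed build using a simplified numeric segment comparison (an assumption that stands in for rpm's own EVR comparison and holds for the purely numeric builds in this advisory), and compares a downloaded file's MD5 against the digest from the table. The function names are the example's own.

```shell
#!/bin/sh
# Added example for RHSA-2008:0269-2 (not Red Hat's code). Checks whether
# the installed redhat-ds-base predates the fixed build and whether a
# downloaded RPM matches the MD5 published in the advisory.

FIXED_VR="8.0.3-16"   # version-release of the fixed packages listed above

# strip_tags NVR : drop a trailing arch and the elNdsrv dist tag, then turn
# "8.0.3-16" into space-separated numeric segments: "8 0 3 16".
strip_tags() {
  printf '%s' "$1" | sed -e 's/\.i386$//' -e 's/\.x86_64$//' \
                         -e 's/\.el[0-9]*dsrv$//' -e 's/[-.]/ /g'
}

# ver_lt A B : exit 0 if version-release A sorts before B.
# Assumption: every segment is numeric (true for these builds); a missing
# trailing segment counts as 0, so "8.0.3" equals "8.0.3-0".
ver_lt() {
  a=$(strip_tags "$1")
  b=$(strip_tags "$2")
  set -- $a
  for fb in $b; do
    fa=${1:-0}
    [ "$fa" -lt "$fb" ] && return 0
    [ "$fa" -gt "$fb" ] && return 1
    [ $# -gt 0 ] && shift
  done
  return 1   # equal, or A has extra segments (A is not older)
}

# vulnerable_build NVR : exit 0 if the build named by NVR, as printed by
# `rpm -q redhat-ds-base`, predates the fixed build in this advisory.
vulnerable_build() {
  vr=${1#redhat-ds-base-}
  ver_lt "$vr" "$FIXED_VR"
}

# md5_matches FILE EXPECTED : exit 0 if FILE's MD5 equals the 32-hex digest
# printed beside the package name in the Updated packages table.
md5_matches() {
  sum=$(md5sum "$1" | cut -d' ' -f1)
  [ "$sum" = "$2" ]
}

# Live check on a host that has rpm; skipped elsewhere so the script still
# runs stand-alone. `rpm -q` exits non-zero when the package is absent.
if command -v rpm >/dev/null 2>&1 && nvr=$(rpm -q redhat-ds-base 2>/dev/null); then
  if vulnerable_build "$nvr"; then
    echo "$nvr predates $FIXED_VR: apply RHSA-2008:0269-2"
  else
    echo "$nvr: fixed build already installed"
  fi
fi
```

The MD5 in the table only tells you the download is the file Red Hat published; it is not an integrity guarantee against a hostile mirror. Before installing, also run `rpm -K <package>.rpm` (`--checksig`) with the Red Hat key imported so the GPG signature described at the end of this advisory is actually verified.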

Bugs fixed (see bugzilla for more information)

444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/