Skip to navigation

Security Advisory Low: openldap security update

Advisory: RHSA-2007:0310-2
Type: Security Advisory
Severity: Low
Issued on: 2007-05-01
Last updated on: 2007-05-01
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-4600

Details

A updated openldap packages that fix a security flaw is now available for
Red Hat Enterprise Linux 4.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 4)

IA-32:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-clients-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 90de80e2d54e308fab31def982778336
openldap-devel-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: e7b2ebb7053cd2de3b6580e60a776030
openldap-servers-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3c5405ebd50dba9c33eab8827c7b86d7
openldap-servers-sql-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 9f09549a4bac7a15985e5c68d0e64f93
 
x86_64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 0857e9c56f0e0b1a79d030095c8bacfc
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: de900974e30e11b6c377d40e4f8e39e8
openldap-clients-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 959a8a1685419b90724959c823c068e1
openldap-devel-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8f9f3f89468bd592c97fe1287905ecda
openldap-servers-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 112dbb50c82fcd6545b03568b62b2159
openldap-servers-sql-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 469c3b1f539bca8b76b7a97856ca6ec9
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-clients-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 90de80e2d54e308fab31def982778336
openldap-devel-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: e7b2ebb7053cd2de3b6580e60a776030
openldap-servers-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3c5405ebd50dba9c33eab8827c7b86d7
openldap-servers-sql-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 9f09549a4bac7a15985e5c68d0e64f93
 
IA-64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 67c1abbff376926a8ce8a349dcadc4c4
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 91ae8d90eadd2f44f94eea1e7f4de242
openldap-clients-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8b2b1f0763d68f0ba99ae7024a1007cc
openldap-devel-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: c31c0bc8b3fb33ff5c2586e8d532a1c6
openldap-servers-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: deef986e4e80960f184abcdfcb8b916d
openldap-servers-sql-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: f7d8e7436f307fe825921f6e44914d5b
 
PPC:
compat-openldap-2.1.30-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: d437ed52cb1c0d3861defe3dce935edb
compat-openldap-2.1.30-7.4E.ppc64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 7b48354b2a8d879adc2ce085797a2218
openldap-2.2.13-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: 98821d96824cc4c4354e4aae625b0a60
openldap-2.2.13-7.4E.ppc64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 922e9b90bc704cc0dc579d72a2d478be
openldap-clients-2.2.13-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: e7d9d75e050437294e14c9e42d8d5f55
openldap-devel-2.2.13-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: 295354e11427e192a92e49746c2b8800
openldap-servers-2.2.13-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: 14c8cc18be701894afc82b6880ace4af
openldap-servers-sql-2.2.13-7.4E.ppc.rpm
File outdated by:  RHBA-2010:0915
    MD5: 53a9c2088328b47c14319aa80d24e38a
 
s390:
compat-openldap-2.1.30-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: bf383f13cf7864a820f8a926c3e98a18
openldap-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8a4788f71401843555b552a2e4633184
openldap-clients-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 523f83037bbafc8a5738adc56e797c11
openldap-devel-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 07e54e63f580aa63a9434eeb23f5177d
openldap-servers-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3f30a3153ae36d729d2400865e0e4535
openldap-servers-sql-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 78c1c932920f29f1d4850c291e9174a5
 
s390x:
compat-openldap-2.1.30-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: bf383f13cf7864a820f8a926c3e98a18
compat-openldap-2.1.30-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: d50525d3e4a082c1b42d694850d85309
openldap-2.2.13-7.4E.s390.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8a4788f71401843555b552a2e4633184
openldap-2.2.13-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: c97e87d1230100bdef87955bdbe844b2
openldap-clients-2.2.13-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: 61bc7a53da94a42c3ce1b5c71abf50e1
openldap-devel-2.2.13-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: 21dc01c8fbc94cb6952c75fbde1c07db
openldap-servers-2.2.13-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: 4f4175522ab7e72bfb1f2998bae5ec76
openldap-servers-sql-2.2.13-7.4E.s390x.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3a45d711f7630f9e95b881ad53727eb4
 
x86_64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 0857e9c56f0e0b1a79d030095c8bacfc
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: de900974e30e11b6c377d40e4f8e39e8
openldap-clients-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 959a8a1685419b90724959c823c068e1
openldap-devel-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8f9f3f89468bd592c97fe1287905ecda
openldap-servers-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 112dbb50c82fcd6545b03568b62b2159
openldap-servers-sql-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 469c3b1f539bca8b76b7a97856ca6ec9
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-clients-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 90de80e2d54e308fab31def982778336
openldap-devel-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: e7b2ebb7053cd2de3b6580e60a776030
openldap-servers-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3c5405ebd50dba9c33eab8827c7b86d7
openldap-servers-sql-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 9f09549a4bac7a15985e5c68d0e64f93
 
IA-64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 67c1abbff376926a8ce8a349dcadc4c4
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 91ae8d90eadd2f44f94eea1e7f4de242
openldap-clients-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8b2b1f0763d68f0ba99ae7024a1007cc
openldap-devel-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: c31c0bc8b3fb33ff5c2586e8d532a1c6
openldap-servers-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: deef986e4e80960f184abcdfcb8b916d
openldap-servers-sql-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: f7d8e7436f307fe825921f6e44914d5b
 
x86_64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 0857e9c56f0e0b1a79d030095c8bacfc
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: de900974e30e11b6c377d40e4f8e39e8
openldap-clients-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 959a8a1685419b90724959c823c068e1
openldap-devel-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8f9f3f89468bd592c97fe1287905ecda
openldap-servers-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 112dbb50c82fcd6545b03568b62b2159
openldap-servers-sql-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 469c3b1f539bca8b76b7a97856ca6ec9
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-clients-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 90de80e2d54e308fab31def982778336
openldap-devel-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: e7b2ebb7053cd2de3b6580e60a776030
openldap-servers-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 3c5405ebd50dba9c33eab8827c7b86d7
openldap-servers-sql-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 9f09549a4bac7a15985e5c68d0e64f93
 
IA-64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 67c1abbff376926a8ce8a349dcadc4c4
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 91ae8d90eadd2f44f94eea1e7f4de242
openldap-clients-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8b2b1f0763d68f0ba99ae7024a1007cc
openldap-devel-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: c31c0bc8b3fb33ff5c2586e8d532a1c6
openldap-servers-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: deef986e4e80960f184abcdfcb8b916d
openldap-servers-sql-2.2.13-7.4E.ia64.rpm
File outdated by:  RHBA-2010:0915
    MD5: f7d8e7436f307fe825921f6e44914d5b
 
x86_64:
compat-openldap-2.1.30-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: 734452591616549fbf73e17b2271bd3e
compat-openldap-2.1.30-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 0857e9c56f0e0b1a79d030095c8bacfc
openldap-2.2.13-7.4E.i386.rpm
File outdated by:  RHBA-2010:0915
    MD5: ba9170df21f098d47d0b20f2398a0d75
openldap-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: de900974e30e11b6c377d40e4f8e39e8
openldap-clients-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 959a8a1685419b90724959c823c068e1
openldap-devel-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 8f9f3f89468bd592c97fe1287905ecda
openldap-servers-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 112dbb50c82fcd6545b03568b62b2159
openldap-servers-sql-2.2.13-7.4E.x86_64.rpm
File outdated by:  RHBA-2010:0915
    MD5: 469c3b1f539bca8b76b7a97856ca6ec9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

205826 - CVE-2006-4600 openldap improper selfwrite access


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/