Security Advisory Low: openldap security and bug-fix update

Advisory: RHSA-2007:0430-2
Type: Security Advisory
Severity: Low
Issued on: 2007-06-11
Last updated on: 2007-06-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2006-4600

Details

Updated openldap packages that fix a security flaw and a memory leak bug
are now available for Red Hat Enterprise Linux 3.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications, libraries and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own
distinguished name. (CVE-2006-4600)

A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An
application using this function could run into an Out Of Memory (OOM)
condition and crash.

All users are advised to upgrade to this updated openldap package,
which contains a backported fix and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
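
To confirm the update took effect, the following added example (not part of the original advisory) classifies openldap package builds against the fixed build this erratum ships, 2.0.27-23. The function names, the status labels and the sample inventory are constructed for illustration, and the comparison is a simplified numeric one, not rpm's own algorithm.

```shell
#!/bin/sh
# Added example (not from the advisory): classify installed openldap builds
# against the fixed build 2.0.27-23.
FIXED_VERSION=2.0.27
FIXED_RELEASE=23
PACKAGES="openldap openldap-clients openldap-devel openldap-servers"

# cmp_dotted A B -> older | same | newer | unknown
# Simplified numeric comparison (assumption: not rpm's full algorithm);
# anything other than digits and dots is reported as unknown.
cmp_dotted() {
    for s in "$1" "$2"; do
        case $s in ''|*[!0-9.]*) echo unknown; return ;; esac
    done
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo older; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo newer; return; fi
    done
    echo same
}

# check_build VERSION RELEASE -> patched | outdated | unknown
# Only the 2.0.27 line is covered by this advisory; other versions are unknown.
check_build() {
    [ "$(cmp_dotted "$1" "$FIXED_VERSION")" = same ] || { echo unknown; return; }
    case $(cmp_dotted "$2" "$FIXED_RELEASE") in
        older) echo outdated ;;
        unknown) echo unknown ;;
        *) echo patched ;;
    esac
}

# audit: reads "NAME VERSION RELEASE" lines on stdin, e.g. from
#   rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n' $PACKAGES
audit() {
    while read -r name ver rel; do
        case " $PACKAGES " in *" $name "*) ;; *) continue ;; esac
        echo "$name $ver-$rel $(check_build "$ver" "$rel")"
    done
}

# Constructed sample inventory; the last line is not an openldap package.
audit <<'EOF'
openldap 2.0.27 23
openldap-clients 2.0.27 20
openldap-servers 2.0.27 23.1
openldap-devel 2.1.22 8
glibc 2.3.2 95
EOF
```

Lines that rpm prints for packages that are not installed do not start with one of the four package names, so `audit` skips them.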

Updated packages


Bugs fixed (see bugzilla for more information)

174830 - ldap_start_tls_s() leaks
234222 - CVE-2006-4600 openldap improper selfwrite access


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/