openldap-2.3.43-12.1.0.1.AXS3
Errata ID: AXSA:2010-390:03
Release date:
Tuesday, July 27, 2010 - 13:23
Subject:
openldap-2.3.43-12.1.0.1.AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Security issues fixed with this release:
CVE-2010-0211
CVE-2010-0212
No description available at the time of reporting.
Solution:
Update packages.
CVEs:
CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVE-2010-0212
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
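The defensive pattern behind both issues above (reject zero-length and malformed UTF-8 values, zero-initialize the output, check the normalizer's return value before any cleanup), as an added C example. It is a simplified model, not OpenLDAP code or the vendor's patch; `struct val`, `utf8_valid`, `normalize` and `rename_rdn` are hypothetical names.

```c
/* Added illustration: simplified model of the bug class, not OpenLDAP source. */
#include <stdlib.h>
#include <string.h>

struct val { size_t len; char *data; };   /* hypothetical length+pointer value */
/* 1 if s[0..n) is well-formed UTF-8 (no overlongs, surrogates, or > U+10FFFF). */
static int utf8_valid(const unsigned char *s, size_t n) {
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t need; unsigned long cp, min;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                    /* stray continuation or invalid lead byte */
        if (n - i <= need) return 0;      /* sequence truncated at end of input */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Hypothetical normalizer: 0 on success; -1 on failure, leaving *out untouched. */
static int normalize(const struct val *in, struct val *out) {
    if (in->data == NULL || in->len == 0) return -1;      /* zero-length value */
    if (!utf8_valid((const unsigned char *)in->data, in->len)) return -1;
    if ((out->data = malloc(in->len + 1)) == NULL) return -1;
    memcpy(out->data, in->data, in->len);
    out->data[in->len] = '\0'; out->len = in->len;
    return 0;
}

/* Hardened caller: output zero-initialized, return value checked before use. */
int rename_rdn(const char *rdn, size_t len, struct val *result) {
    struct val in = { len, (char *)rdn };
    struct val norm = { 0, NULL };  /* left uninitialized, cleanup would free garbage */
    if (normalize(&in, &norm) != 0) {
        free(norm.data);            /* safe on the error path: free(NULL) is a no-op */
        return -1;                  /* reject the request instead of continuing */
    }
    *result = norm;
    return 0;
}

int main(void) { struct val r; return rename_rdn("", 0, &r) == -1 ? 0 : 1; }
```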
Additional Info:
N/A
Download:
SRPMS
- openldap-2.3.43-12.1.0.1.AXS3.src.rpm
MD5: 8046f37ecac5a800a8da471cc23482a4
SHA-256: 6b08e78016cd96d917e6cb6d810a8c436edcf0b6dd7e68f856d82d967a359659
Size: 14.83 MB
Asianux Server 3 for x86
- compat-openldap-2.3.43_2.2.29-12.1.0.1.AXS3.i386.rpm
MD5: 53346b9d7080a073d711c8fc6761b305
SHA-256: cfe7ba0de5cdcd1cb9a64689afd7834e2306da19e0c07fe48fa245f832ff1619
Size: 258.60 kB
- openldap-2.3.43-12.1.0.1.AXS3.i386.rpm
MD5: eb8a7474d1ad615658f9763e9ec9e40a
SHA-256: d17b9c0de5b2c0b60eebb55903f003f9c29efba154d6faba0c691b96dc6f0f72
Size: 295.41 kB
- openldap-clients-2.3.43-12.1.0.1.AXS3.i386.rpm
MD5: ac25eea1f46d46d2e70af983eb3a045e
SHA-256: f55fe2d7a518de1e185beb0bfd4923781e117e373ee0b0799bc589422d504203
Size: 217.24 kB
- openldap-devel-2.3.43-12.1.0.1.AXS3.i386.rpm
MD5: 17ae39bb9d6d2357624a85ed0ef10577
SHA-256: e50cb46e70d76ec7572590da93de3c63d8d9c436e17b343f781e4f79d5ed9eef
Size: 1.55 MB
- openldap-servers-2.3.43-12.1.0.1.AXS3.i386.rpm
MD5: ae336915e6350c03e330e828306898ef
SHA-256: 12fcf72187fbff18439096a9307721d77cdc92bada778c25a6cd29628b50cdaf
Size: 3.06 MB
- openldap-servers-sql-2.3.43-12.1.0.1.AXS3.i386.rpm
MD5: ba87af662bda8fe5a309f952c6776b40
SHA-256: 3f312574e199d1c2a1b66ab9452c0f4cee920b404fc109ffb574c481cc03af6a
Size: 121.11 kB
Asianux Server 3 for x86_64
- compat-openldap-2.3.43_2.2.29-12.1.0.1.AXS3.x86_64.rpm
MD5: b2c08aef518863cb3c069c32200a09e8
SHA-256: ea8480476da94cc02fea945070f3e1d12a773b96d47834966b83002b1f845f1e
Size: 265.67 kB
- openldap-2.3.43-12.1.0.1.AXS3.x86_64.rpm
MD5: 7a1e61bdc30de3ba55a10e849d068bcb
SHA-256: 440d224b0ca9ab114326aae2063b87e33f6b80e2767ef891484ef2b3112a47a4
Size: 303.20 kB
- openldap-clients-2.3.43-12.1.0.1.AXS3.x86_64.rpm
MD5: d1fbbe9dfd2cfeb7bf2d9c8ca8750057
SHA-256: d2b029c61628fc1e2e4e5e4f4366a5be2c55e590cc2a50886443aa0428feb962
Size: 222.74 kB
- openldap-devel-2.3.43-12.1.0.1.AXS3.x86_64.rpm
MD5: b0c0c7d4a4e99bbcd02b14b6899b845e
SHA-256: 5ac4b6332d6c3bf1c3edc3e1f4e5a98130fdac639c732900e1f305aae36af5ce
Size: 1.58 MB
- openldap-servers-2.3.43-12.1.0.1.AXS3.x86_64.rpm
MD5: 769f3d7662bd6fbcf837a25f601b0533
SHA-256: 4c640110a5b77b830ed43aab93156a514900c319261d21c2efe011f282214ab8
Size: 2.19 MB
- openldap-servers-sql-2.3.43-12.1.0.1.AXS3.x86_64.rpm
MD5: 36d35ef6c4abfcaecdfeb9aeb5221a1c
SHA-256: 11d20eaa5d13c9823263b1c4b729b94e3601f009a20160cea0ee0c8f9dc1c75b
Size: 123.25 kB