openldap-2.4.19-15.AXS4.2
エラータID: AXSA:2011-98:01
リリース日:
2011/03/16 Wednesday - 13:10
題名:
openldap-2.4.19-15.AXS4.2
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. LDAP is a set of protocols for accessing directory services (usually phone book style information, but other information is possible) over the Internet, similar to the way DNS (Domain Name System) information is propagated over the Internet. The openldap package contains configuration files, libraries, and documentation for OpenLDAP.
Security issues fixed with this release:
CVE-2011-1024
CVE-2011-1025
CVE-2011-1081
No information available at the time of writing, please refer to the CVE links below.
解決策:
Update packages.
CVE:
CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
CVE-2011-1025
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require authentication for the root Distinguished Name (DN), which allows remote attackers to bypass intended access restrictions via an arbitrary password.
CVE-2011-1081
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
追加情報:
N/A
ダウンロード:
SRPMS
- openldap-2.4.19-15.AXS4.2.src.rpm
MD5: c6b4ae08e4851502c1369af41087cb8a
SHA-256: 4fb27ad9aefdd9a6f75e5de73321b3b5369616f6d86eba6ff6949809095ede7c
Size: 30.59 MB
Asianux Server 4 for x86
- compat-openldap-2.4.19_2.3.43-15.AXS4.2.i686.rpm
MD5: b99694761203a7872e2af57614a010dd
SHA-256: 20edce1bcbaa78fe3156feec3ab515bfa3033538cd6581f6adf3545a787151d5
Size: 195.14 kB - openldap-2.4.19-15.AXS4.2.i686.rpm
MD5: b13a5d5a71276a3d7a3ad5763e1070f2
SHA-256: 0ebdf47f592cd6610bc02a5692e7ebf834a4202da0aa7e845f077cfca3267b7d
Size: 232.48 kB - openldap-clients-2.4.19-15.AXS4.2.i686.rpm
MD5: 3dc2431843941690339bea53fffc2e4b
SHA-256: 6e84e06c653811766364c4193a5f53c9c9feef9326fcab4f0404b1dc892f3a81
Size: 153.43 kB - openldap-devel-2.4.19-15.AXS4.2.i686.rpm
MD5: 3c6ebdbc06848e564bb88b4e442d766e
SHA-256: 2fc268ee9440c522bcf26d56fa0c9fbfd54a042e55d4e6d433ec91e06c74809e
Size: 0.95 MB - openldap-servers-2.4.19-15.AXS4.2.i686.rpm
MD5: bd18322b3153eb1d3c8a00656e52174e
SHA-256: 25894fb0e4c619b7a54650559a8408dcce41a8fc730ad3d6c16083b0f090eb4f
Size: 2.64 MB
Asianux Server 4 for x86_64
- compat-openldap-2.4.19_2.3.43-15.AXS4.2.x86_64.rpm
MD5: 74e6421f08c57277936cc08000c9fea9
SHA-256: 4630b9cea55e8c0f9d45c169f0f04be924225785b29e142646aae9fea22449f2
Size: 194.51 kB - openldap-2.4.19-15.AXS4.2.x86_64.rpm
MD5: 66870b009cb5b7311e48507add265157
SHA-256: 282affd159031eb3b1098c2f53958df181b79c151a277b9d7b8c75bf49b8387d
Size: 230.16 kB - openldap-clients-2.4.19-15.AXS4.2.x86_64.rpm
MD5: a2726801497a94bebc3738a236cccb28
SHA-256: 1bea5d1d45a9aa3ac639f7791b5778e469f239b64f628aeb319c4f5b97d2467f
Size: 155.73 kB - openldap-devel-2.4.19-15.AXS4.2.x86_64.rpm
MD5: 6e79be246c61feb305f9c88ad410d046
SHA-256: d6d853a5c4558f475b89de0d4b271873f09bc0af28766eb3fd338b44e1efb327
Size: 1.04 MB - openldap-servers-2.4.19-15.AXS4.2.x86_64.rpm
MD5: fafc8e12be5e9c0e0271a4d756f44309
SHA-256: cd26bd1643c392118d8a4fb0e5d20e851e332b6a3e2e9a6db091a5681ae791c1
Size: 2.62 MB - compat-openldap-2.4.19_2.3.43-15.AXS4.2.i686.rpm
MD5: b99694761203a7872e2af57614a010dd
SHA-256: 20edce1bcbaa78fe3156feec3ab515bfa3033538cd6581f6adf3545a787151d5
Size: 195.14 kB - openldap-2.4.19-15.AXS4.2.i686.rpm
MD5: b13a5d5a71276a3d7a3ad5763e1070f2
SHA-256: 0ebdf47f592cd6610bc02a5692e7ebf834a4202da0aa7e845f077cfca3267b7d
Size: 232.48 kB - openldap-devel-2.4.19-15.AXS4.2.i686.rpm
MD5: 3c6ebdbc06848e564bb88b4e442d766e
SHA-256: 2fc268ee9440c522bcf26d56fa0c9fbfd54a042e55d4e6d433ec91e06c74809e
Size: 0.95 MB