openldap-2.3.43-12.7.0.1.AXS3
エラータID: AXSA:2011-103:02
リリース日:
2011/03/21 Monday - 20:21
題名:
openldap-2.3.43-12.7.0.1.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。<br />
<br />
[Security Fix]<br />
- OpenLDAP の back-ldap の chain.c には, chain オーバーレイとppolicy_forward_updates と共にマスター-スレーブ設定を使用している場合, スレーブサーバへ不正なパスワードを送信することによって, リモートの認証されたユーザが外部プログラムの認証を迂回する脆弱性があります。(CVE-2011-1024)<br />
<br />
[Bug Fix]<br />
- 複数のコネクションが OpenLDAP に同時にアクセスすると, slapd サービスがアサーションエラーで突然終了してしまう問題を修正しました。<br />
<br />
一部CVEの翻訳文はJVNからの引用になります。<br />
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-1024
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
追加情報:
N/A
ダウンロード:
SRPMS
- openldap-2.3.43-12.7.0.1.AXS3.src.rpm
MD5: d8393e181dafefae9882be8ae96bd28f
SHA-256: 9adc9269977d7b9435325a212b8e6bc273d316f2dde20a00d15420e0c170c364
Size: 14.83 MB
Asianux Server 3 for x86
- compat-openldap-2.3.43_2.2.29-12.7.0.1.AXS3.i386.rpm
MD5: a50fe9e2ea8aa8fb29c686a4a66f3858
SHA-256: eee6ac0f86db2f2eb03a6688fe74f1b8953e11b2aca5aa1edd6106470b938c41
Size: 259.25 kB - openldap-2.3.43-12.7.0.1.AXS3.i386.rpm
MD5: 5c2d8c1889fcb56979aa871a69a9444d
SHA-256: aa872091bf38775b7c4978ea421ec932a47ea9c54211af1919e87c150bb8370b
Size: 296.52 kB - openldap-clients-2.3.43-12.7.0.1.AXS3.i386.rpm
MD5: 18503e4250b84f9ecb37f90a8a1591c9
SHA-256: 5e389663fb8c9e02560af0931e07f3165033d6ef87732d0315c9f64e9654ddd9
Size: 217.92 kB - openldap-devel-2.3.43-12.7.0.1.AXS3.i386.rpm
MD5: 2ef476d19f9fe0d043a0864c86592a01
SHA-256: bfc1b1962d761dd852b046f27dfea4654d33d37a8e6b38fb2185523ddfe67d77
Size: 1.56 MB - openldap-servers-2.3.43-12.7.0.1.AXS3.i386.rpm
MD5: f4a4f6bd03321e5fa4dff1e03fda9bff
SHA-256: aef2fa13c9602c4f38d896306a8506eed4f22ebc9c0dc73da1370c775c910b26
Size: 3.06 MB - openldap-servers-sql-2.3.43-12.7.0.1.AXS3.i386.rpm
MD5: 5a16c4c978a6925d481642d5aa148a10
SHA-256: 96f943483592750a1db92bad576feb8b274d81ecf7648bed3b062b7e6e013ede
Size: 121.79 kB
Asianux Server 3 for x86_64
- compat-openldap-2.3.43_2.2.29-12.7.0.1.AXS3.x86_64.rpm
MD5: cc74d0ae464c4ce5e87856e25ca468ea
SHA-256: 45dbb66389c0b6569fa07ebf339c62cf288ab03e4f637b2f2fb54f4dc9cc3cd3
Size: 266.34 kB - openldap-2.3.43-12.7.0.1.AXS3.x86_64.rpm
MD5: 49a2ec312a88640e3dc2e3d87dc5a544
SHA-256: eb3f1324618d75b389f17f71456a870945346b345ec8ce4db2372777242415c6
Size: 304.48 kB - openldap-clients-2.3.43-12.7.0.1.AXS3.x86_64.rpm
MD5: 9e8bd113f3c88c8565cc0aa73b7805df
SHA-256: c8becbafd0440e2e1a5e913a1df780b6fe1d467881ea22f15fb5a898676c6fbe
Size: 223.40 kB - openldap-devel-2.3.43-12.7.0.1.AXS3.x86_64.rpm
MD5: 845788a284929bef8e5f609e67ddb0da
SHA-256: 0dc7a1139c94ba308b26e36994f86d812dbda800a97e086b58a86f2202d9539d
Size: 1.58 MB - openldap-servers-2.3.43-12.7.0.1.AXS3.x86_64.rpm
MD5: 345b283025ef1cc4555f2d835e563ae4
SHA-256: 9b4cf52c492f2a15f41830c4bcbf407b9d9356ed12522c5db4252316ab18f2d7
Size: 2.19 MB - openldap-servers-sql-2.3.43-12.7.0.1.AXS3.x86_64.rpm
MD5: dadd3d230bda00a211c8ef22a6f8213a
SHA-256: 97510516ba89266338ec47c815eb5944e99c876ae4713d2da91e4524c7f52e7b
Size: 123.96 kB