nss_ldap-253-3.1AXS3
エラータID: AXSA:2008-84:01
リリース日:
2008/09/22 Monday - 20:52
題名:
nss_ldap-253-3.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
nss_ldap には pthread ライブラリに対してリンクをし、nss_ldap を呼び出した後に fork した場合、LDAP 接続の取り扱いに不備があり、不正なプロセスにユーザデータを送信する、競合状態となる脆弱性が存在します。(CVE-2007-5794)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください
CVE:
CVE-2007-5794
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- nss_ldap-253-3.1AXS3.i386.rpm
MD5: 76f05bdb191060b791cfe510ff5724cd
SHA-256: ba5e25897bfdf43e469c8bd45ba4892ee498e49450e08ce6038e0716fee419a5
Size: 1.41 MB
Asianux Server 3 for x86_64
- nss_ldap-253-3.1AXS3.x86_64.rpm
MD5: 7c6fa3691b862285df2849f2b7b4de5f
SHA-256: 7d3ab4fef521692dacb94dc902d730a4791a564723c2c07851bafff6c1604d7e
Size: 1.38 MB