openldap-2.4.23-34.AXS4.1
エラータID: AXSA:2014-041:01
リリース日:
2014/03/18 Tuesday - 19:23
題名:
openldap-2.4.23-34.AXS4.1
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenLDAP の rwm オーバーレイは参照を適切にカウントしておらず,search リクエストの後にただちにアンバインドを行うことにより,リモートの攻撃者がサービス拒否 (slapd のクラッシュ) を引き起こす脆弱性があります。(CVE-2013-4449)
[Bug Fix]
- OpenLDAP が多くの同時アップデートを処理できず,サーバへ多くの並列アップデート要求を送信するとデッドロックを引き起こす問題を修正しました。
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-4449
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
追加情報:
N/A
ダウンロード:
SRPMS
- openldap-2.4.23-34.AXS4.1.src.rpm
MD5: 5f4f64e23fc9761979fd92faa0065ab4
SHA-256: 47e712c1d22d8461659161246ea7fb38c16611088bddf320ff5947da708de076
Size: 5.06 MB
Asianux Server 4 for x86
- openldap-2.4.23-34.AXS4.1.i686.rpm
MD5: 5e1dc647961148f779b89cc58e539407
SHA-256: 202bac78b273f7042f2c0e2ed8dd916aab541baa647c8a52d17db1e9e3bf4911
Size: 266.52 kB - openldap-clients-2.4.23-34.AXS4.1.i686.rpm
MD5: 27f43d68b1fb4b4726a6e3ca486254fa
SHA-256: 8dab1d19eb45271f77025fc38f1130ada1287491ffcacf023ed0ac2bb7c396c2
Size: 159.42 kB - openldap-devel-2.4.23-34.AXS4.1.i686.rpm
MD5: 567939a52c5fff3ec5d94029b5fa0ae4
SHA-256: 808bf4263c0be1eabd12167396ec99240350d9294046203adb06da39c63735a6
Size: 1.09 MB - openldap-servers-2.4.23-34.AXS4.1.i686.rpm
MD5: 266487677ae6c0ff3efe3eb0c49045ce
SHA-256: 4434c2aa9850dff4eb71ba789a3f7040b1e6c7162e66a25cfe0a5ec537410a4e
Size: 2.01 MB
Asianux Server 4 for x86_64
- openldap-2.4.23-34.AXS4.1.x86_64.rpm
MD5: 3bad5a74af338b6467085a5758e80537
SHA-256: 244ce086d4d2772db6bb73345d24b6e985886a3bdeb08d042cab31bca508f0b1
Size: 264.64 kB - openldap-clients-2.4.23-34.AXS4.1.x86_64.rpm
MD5: 19527bfbf2ff81fa79ad822a414ec1a7
SHA-256: ad8b9c2dd40e1e9e57cc84319dcfe403155ee97b9d715f77b7c26ab6800834f6
Size: 164.61 kB - openldap-devel-2.4.23-34.AXS4.1.x86_64.rpm
MD5: 1aabd2ef2247e2a2716ade3b61d1a438
SHA-256: bd57ffbba4f52568a3e81b37b0a364da5091ed369a8584b558f0d9f3bb4ba45b
Size: 1.08 MB - openldap-servers-2.4.23-34.AXS4.1.x86_64.rpm
MD5: a7a592ebb0b1205fc2ab468328535576
SHA-256: c697a6ab04e52f3995c566d79426c73e0a7cadddd63b83d691b2353c1236ea67
Size: 2.01 MB - openldap-2.4.23-34.AXS4.1.i686.rpm
MD5: 5e1dc647961148f779b89cc58e539407
SHA-256: 202bac78b273f7042f2c0e2ed8dd916aab541baa647c8a52d17db1e9e3bf4911
Size: 266.52 kB - openldap-devel-2.4.23-34.AXS4.1.i686.rpm
MD5: 567939a52c5fff3ec5d94029b5fa0ae4
SHA-256: 808bf4263c0be1eabd12167396ec99240350d9294046203adb06da39c63735a6
Size: 1.09 MB