Low: openldap security and bug-fix update
Date: Fri, 15 Jun 2007 17:27:52 -0500
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for openldap on SL3.x i386/x86_64
Synopsis: Low: openldap security and bug-fix update
Issue date: 2007-06-11
CVE Names: CVE-2006-4600
A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own
distinguished name. (CVE-2006-4600)
A memory leak was found in OpenLDAP's ldap_start_tls_s() function. An
application using this function could run into an Out Of Memory (OOM)
condition and crash.
SL 3.0.x
SRPMS:
openldap-2.0.27-23.src.rpm
i386:
openldap-2.0.27-23.i386.rpm
openldap-clients-2.0.27-23.i386.rpm
openldap-devel-2.0.27-23.i386.rpm
openldap-servers-2.0.27-23.i386.rpm
x86_64:
openldap-2.0.27-23.i386.rpm
openldap-2.0.27-23.x86_64.rpm
openldap-clients-2.0.27-23.x86_64.rpm
openldap-devel-2.0.27-23.x86_64.rpm
openldap-servers-2.0.27-23.x86_64.rpm
-Connie Sieh
-Troy Dawson