what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-130

Mandriva Linux Security Advisory 2012-130
Posted Aug 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-130 - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1164
SHA-256 | 15e682bf17192a767c067672be6251b9e0fad5a2b5601ea063b950e8a67a46ae
Download | Favorite | View

Mandriva Linux Security Advisory 2012-130

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:130
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openldap
 Date    : August 11, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was found and corrected in openldap:
 
 slapd in OpenLDAP before 2.4.30 allows remote attackers to cause
 a denial of service (assertion failure and daemon exit) via an LDAP
 search query with attrsOnly set to true, which causes empty attributes
 to be returned (CVE-2012-1164).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1164
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 a0f585b9cc602e2c390779878ec28b60  2011/i586/libldap2.4_2-2.4.25-5.1-mdv2011.0.i586.rpm
 6e8470f34585ae872a9dbb6f8e6ab8fd  2011/i586/libldap2.4_2-devel-2.4.25-5.1-mdv2011.0.i586.rpm
 1a6510f01195dd6a5e3c9efb12a3ae23  2011/i586/libldap2.4_2-static-devel-2.4.25-5.1-mdv2011.0.i586.rpm
 b615006da5dc8c0c4446a95398333103  2011/i586/openldap-2.4.25-5.1-mdv2011.0.i586.rpm
 e3687af48b45b74e07d2c6a361b9fcb9  2011/i586/openldap-clients-2.4.25-5.1-mdv2011.0.i586.rpm
 28b1da2d9f1ef884586c05fc2b515af8  2011/i586/openldap-doc-2.4.25-5.1-mdv2011.0.i586.rpm
 48455ddb713e25579d7b896eeb54eb6c  2011/i586/openldap-servers-2.4.25-5.1-mdv2011.0.i586.rpm
 e644d57a43abf4927bc961288f0512d9  2011/i586/openldap-testprogs-2.4.25-5.1-mdv2011.0.i586.rpm
 9f523560004df136ebae73293be0a248  2011/i586/openldap-tests-2.4.25-5.1-mdv2011.0.i586.rpm 
 2a4fb614cb248777479f4ad0ada1b0e1  2011/SRPMS/openldap-2.4.25-5.1.src.rpm

 Mandriva Linux 2011/X86_64:
 fc5554a11943b9090bd2cedb459554bf  2011/x86_64/lib64ldap2.4_2-2.4.25-5.1-mdv2011.0.x86_64.rpm
 da0c6f883a4d575abf5deeb385a08351  2011/x86_64/lib64ldap2.4_2-devel-2.4.25-5.1-mdv2011.0.x86_64.rpm
 8c73dc06f564a4c8718cd1441198be65  2011/x86_64/lib64ldap2.4_2-static-devel-2.4.25-5.1-mdv2011.0.x86_64.rpm
 5506c097c009256c1e3f66ff80529c10  2011/x86_64/openldap-2.4.25-5.1-mdv2011.0.x86_64.rpm
 49b1a8bb2c5d287401d8a1213cfea6c6  2011/x86_64/openldap-clients-2.4.25-5.1-mdv2011.0.x86_64.rpm
 04106428c34666c3bd4d9ec11cad1149  2011/x86_64/openldap-doc-2.4.25-5.1-mdv2011.0.x86_64.rpm
 48c623cb77e989287d16e92d9f90f7fc  2011/x86_64/openldap-servers-2.4.25-5.1-mdv2011.0.x86_64.rpm
 59f3dea78861c5830892795265a231e1  2011/x86_64/openldap-testprogs-2.4.25-5.1-mdv2011.0.x86_64.rpm
 569a463c1a72ae93b5870adc88bd1259  2011/x86_64/openldap-tests-2.4.25-5.1-mdv2011.0.x86_64.rpm 
 2a4fb614cb248777479f4ad0ada1b0e1  2011/SRPMS/openldap-2.4.25-5.1.src.rpm

 Mandriva Enterprise Server 5:
 ac64bbc7d8ca200156dc536e6d75075a  mes5/i586/libldap2.4_2-2.4.11-3.5mdvmes5.2.i586.rpm
 f0b7f8e277b3034d18acd08d919cff05  mes5/i586/libldap2.4_2-devel-2.4.11-3.5mdvmes5.2.i586.rpm
 ca8f4df97b34b7a35b6a1990c9f57aeb  mes5/i586/libldap2.4_2-static-devel-2.4.11-3.5mdvmes5.2.i586.rpm
 5e80cdac51875822518f1d9aaefda9ba  mes5/i586/openldap-2.4.11-3.5mdvmes5.2.i586.rpm
 07e185aac8548187b5d11026219a624f  mes5/i586/openldap-clients-2.4.11-3.5mdvmes5.2.i586.rpm
 16523429cba27e613e0081716de274ea  mes5/i586/openldap-doc-2.4.11-3.5mdvmes5.2.i586.rpm
 92d3e40c6056770df384a97c8181ed5a  mes5/i586/openldap-servers-2.4.11-3.5mdvmes5.2.i586.rpm
 b64a33f139e42e8f333bb3ce67d9eed4  mes5/i586/openldap-testprogs-2.4.11-3.5mdvmes5.2.i586.rpm
 b66a2488feb9d77313a4e348160ed150  mes5/i586/openldap-tests-2.4.11-3.5mdvmes5.2.i586.rpm 
 8441575fd588b770f8c5d4429b6ae546  mes5/SRPMS/openldap-2.4.11-3.5mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 319bf68f32b9e90d4eb94f2dbb09c0ae  mes5/x86_64/lib64ldap2.4_2-2.4.11-3.5mdvmes5.2.x86_64.rpm
 c7e671ed1f8c7ab5d2ec344a9fc33007  mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.5mdvmes5.2.x86_64.rpm
 f8e6fa2bb5de0b0a2be8e2c32580a7dc  mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.5mdvmes5.2.x86_64.rpm
 59d6eb01cec1d1b7755ad34a27fd0e4e  mes5/x86_64/openldap-2.4.11-3.5mdvmes5.2.x86_64.rpm
 e68922e073e74f4304cad26a2feeef8e  mes5/x86_64/openldap-clients-2.4.11-3.5mdvmes5.2.x86_64.rpm
 c068cdde787faed3681520bf50f1af3b  mes5/x86_64/openldap-doc-2.4.11-3.5mdvmes5.2.x86_64.rpm
 fce9a3cd184d8b6e50e1042c27487de5  mes5/x86_64/openldap-servers-2.4.11-3.5mdvmes5.2.x86_64.rpm
 a14024eed2b706146f5c8352b3b6c66b  mes5/x86_64/openldap-testprogs-2.4.11-3.5mdvmes5.2.x86_64.rpm
 8749414f01b1add397e3798ceb48e27f  mes5/x86_64/openldap-tests-2.4.11-3.5mdvmes5.2.x86_64.rpm 
 8441575fd588b770f8c5d4429b6ae546  mes5/SRPMS/openldap-2.4.11-3.5mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQJq1wmqjQ0CJFipgRAq9uAJ4sDR3hT132yUqPnSojFtcBS0IVSgCfbMSA
MERS1gaVBfysasOAxm4fziU=
=dSpb
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close