Pardus alert 2011-76 (openldap-server)

From:  Meltem Parmaksız <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-76] openldap: Multiple Vulnerabilities
Date:  Thu, 26 May 2011 14:58:33 +0300
Message-ID:  <201105261458.33256.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-76            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-05-26
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in openldap.

Description
===========

CVE-2011-1024: chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a
master-slave configuration with a chain overlay and policy_forward_updates
(aka authentication-failure forwarding) is used, allows remote authenticated
users to bypass external-program authentication by sending an invalid
password to a slave server.

CVE-2011-1025: bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not
require authentication for the root Distinguished Name (DN), which allows
remote attackers to bypass intended access restrictions via an arbitrary
password.

Affected packages:

  Pardus 2009:
    openldap-server, all before 2.4.23-28-10

  Pardus 2011:
    openldap-server, all before 2.4.23-31-p11

Resolution
==========

There are update(s) for openldap-server. You can update them via Package
Manager or with a single command from console:

  Pardus 2009:
    pisi up openldap-server

  Pardus 2011:
    pisi up openldap-server

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=17901
  * http://bugs.pardus.org.tr/show_bug.cgi?id=17905

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
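A configuration check for the two conditions the advisory describes, added here as an example and not part of the Pardus advisory or of OpenLDAP: it reports whether a slapd.conf combines the chain overlay with update forwarding (CVE-2011-1024) or defines a rootdn on a back-ndb database (CVE-2011-1025). It assumes the classic slapd.conf format, accepts both the advisory's spelling and slapo-ppolicy's `ppolicy_forward_updates`, and says nothing about whether the installed package already carries the fix; the sample configuration is constructed.

```python
# Directive names treated as "update forwarding": the advisory's spelling and
# the slapo-ppolicy directive name (assumption: both refer to the same setting).
FORWARD_NAMES = {"policy_forward_updates", "ppolicy_forward_updates"}

def parse_sections(conf_text):
    """Return [(backend, [directives])]; backend is None for the global section."""
    sections = [(None, [])]
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and sections[-1][1]:
            sections[-1][1][-1] += " " + raw.strip()   # continuation line
            continue
        words = raw.split()
        if words[0].lower() == "database":
            sections.append((words[1].lower() if len(words) > 1 else "", []))
        sections[-1][1].append(raw.strip())
    return sections

def exposure(conf_text):
    """Map CVE id -> directives matching the advisory's condition ([] if absent)."""
    sections = parse_sections(conf_text)
    words = [d.split() for _, ds in sections for d in ds]
    chain = [" ".join(w) for w in words
             if w[0].lower() == "overlay" and [x.lower() for x in w[1:2]] == ["chain"]]
    fwd = [" ".join(w) for w in words if w[0].lower() in FORWARD_NAMES]
    ndb_root = [d for backend, ds in sections if backend == "ndb"
                for d in ds if d.split()[0].lower() == "rootdn"]
    return {
        "CVE-2011-1024": chain + fwd if chain and fwd else [],
        "CVE-2011-1025": ndb_root,
    }

# Constructed sample configuration (hypothetical host and suffixes).
SAMPLE = """\
# consumer with chaining and forwarded policy updates
overlay chain
chain-uri ldap://master.example.org
database bdb
suffix "dc=example,dc=org"
overlay ppolicy
ppolicy_forward_updates
database ndb
suffix "dc=ndb,dc=example"
rootdn "cn=admin,dc=ndb,dc=example"
"""

if __name__ == "__main__":
    for cve, hits in exposure(SAMPLE).items():
        print(cve, "condition present:" if hits else "condition absent", hits)
```

A non-empty list means the configuration matches the advisory's precondition, so that host should be checked against the fixed package versions listed above.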


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds