rPath alert rPSA-2006-0099-1 (openldap) [LWN.net]


From:
    	       "Justin M. Forbes" <jmforbes@rpath.com>
To:
    	       <kbo>
Subject:
    	       rPSA-2006-0099-1 openldap openldap-clients openldap-servers
Date:
    	       Sat, 10 Jun 2006 05:16:01 +0200
Cc:
    	       <full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>,
 <lwn@lwn.net>
rPath Security Advisory: 2006-0099-1
Published: 2006-06-09
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Weakness
Updated Versions:
    openldap=/conary.rpath.com@rpl:devel//1/2.2.26-8.3-1
    openldap-clients=/conary.rpath.com@rpl:devel//1/2.2.26-8.3-1
    openldap-servers=/conary.rpath.com@rpl:devel//1/2.2.26-8.3-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://issues.rpath.com/browse/RPL-423
    http://secunia.com/advisories/20126

Description:
    Previous versions of the openldap server have a weakness reading
    the openldap status file.  This weakness may result in some
    vulnerability, which may include denial of service or remote
    privilege escalation when an openldap service is exposed.

From:		"Justin M. Forbes" <jmforbes@rpath.com>
To:		<kbo>
Subject:		rPSA-2006-0099-1 openldap openldap-clients openldap-servers
Date:		Sat, 10 Jun 2006 05:16:01 +0200
Cc:		<full-disclosure@lists.grok.org.uk>, <bugtraq@securityfocus.com>, <lwn@lwn.net>