SCIENTIFIC-LINUX-ERRATA Archives

March 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
Date:
Mon, 4 Mar 2013 16:58:33 -0600
Reply-To:
Pat Riehecky <[log in to unmask]>
Subject:
Security ERRATA Important: nss-pam-ldapd on SL6.x i386/x86_64
MIME-Version:
1.0
Content-Transfer-Encoding:
7bit
Content-Type:
text/plain; charset="UTF-8"; format=flowed
Organization:
Fermilab
From:
Pat Riehecky <[log in to unmask]>
Parts/Attachments:
text/plain (25 lines) 
Synopsis:          Important: nss-pam-ldapd security update
Issue Date:        2013-03-04
CVE Numbers:       CVE-2013-0288
--

An array index error, leading to a stack-based buffer overflow flaw, was
found in the way nss-pam-ldapd managed open file descriptors. An attacker
able to make a process have a large number of open file descriptors and
perform name lookups could use this flaw to cause the process to crash or,
potentially, execute arbitrary code with the privileges of the user
running the process. (CVE-2013-0288)
--

SL6
   x86_64
     nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
     nss-pam-ldapd-0.7.5-18.1.el6_4.x86_64.rpm
     nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm
     nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.x86_64.rpm
   i386
     nss-pam-ldapd-0.7.5-18.1.el6_4.i686.rpm
     nss-pam-ldapd-debuginfo-0.7.5-18.1.el6_4.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2