Synopsis: Moderate: openldap security and bug fix update
Issue date: 2011-03-10
CVE Names: CVE-2011-1024
A flaw was found in the way OpenLDAP handled authentication failures
being passed from an OpenLDAP slave to the master. If OpenLDAP was
configured with a chain overlay and it forwarded authentication
failures, OpenLDAP would bind to the directory as an anonymous user and
return success, rather than return failure on the authenticated bind.
This could allow a user on a system that uses LDAP for authentication to
log into a directory-based account without knowing the password.
(CVE-2011-1024)
This update also fixes the following bug:
* Previously, multiple concurrent connections to an OpenLDAP server
could cause the slapd service to terminate unexpectedly with an
assertion error. This update adds mutexes to protect multiple threads
from accessing a structure with a connection, and the slapd service no
longer crashes. (BZ#677611)
After installing this update, the OpenLDAP daemons will be restarted
automatically.
SL 5.x
SRPMS:
openldap-2.3.43-12.el5_6.7.src.rpm
i386:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-clients-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.i386.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.i386.rpm
x86_64:
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm
openldap-2.3.43-12.el5_6.7.i386.rpm
openldap-2.3.43-12.el5_6.7.x86_64.rpm
openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm
openldap-devel-2.3.43-12.el5_6.7.i386.rpm
openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm
openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm
-Connie Sieh
-Troy Dawson
|