MGASA-2012-0146
| Date: | July 9th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated openldap packages fix security vulnerability:
A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) processed certain search queries requesting only attributes and
no values. In certain configurations, a remote attacker could issue a
specially-crafted LDAP search query that, when processed by slapd, would
cause slapd to crash due to an assertion failure (CVE-2012-1164).
Updated Packages:
Mageia 1:
openldap-2.4.25-1.2.mga1
openldap-clients-2.4.25-1.2.mga1
openldap-doc-2.4.25-1.2.mga1
openldap-servers-2.4.25-1.2.mga1
openldap-tests-2.4.25-1.2.mga1
openldap-testprogs-2.4.25-1.2.mga1
lib(64)ldap2.4_2-2.4.25-1.2.mga1
lib(64)ldap2.4_2-devel-2.4.25-1.2.mga1
lib(64)ldap2.4_2-static-devel-2.4.25-1.2.mga1
Mageia 2:
openldap-2.4.29-2.1.mga2
openldap-clients-2.4.29-2.1.mga2
openldap-doc-2.4.29-2.1.mga2
openldap-servers-2.4.29-2.1.mga2
openldap-tests-2.4.29-2.1.mga2
openldap-testprogs-2.4.29-2.1.mga2
lib(64)ldap2.4_2-2.4.29-2.1.mga2
lib(64)ldap2.4_2-devel-2.4.29-2.1.mga2
lib(64)ldap2.4_2-static-devel-2.4.29-2.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1164
https://rhn.redhat.com/errata/RHSA-2012-0899.html
https://bugs.mageia.org/show_bug.cgi?id=6527
