Ispravljen je sigurnosni nedostatak programskog paketa openldap. Radi se o besplatnoj implementaciji LDAP (eng. Lightweight Directory Access Protocol) protokola. Nedostatak se nalazi u datoteci "chain.c", a očituje se ukoliko se koristi tzv. "master-slave" konfiguracija i "ppolicy_forward_updates". Nedostatak mogu iskoristiti udaljeni napadači kako bi zaobišli autentikaciju slanjem neispravne lozinke slave poslužitelju. Korisnici se potiču na korištenje najnovije inačice u kojoj je ispravljen opisani nedostatak.
CentOS Errata and Security Advisory 2011:0346 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0346.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
a2f19fad78baa59a398dd20213cd5875
compat-openldap-2.3.43_2.2.29-12.el5_6.7.i386.rpm
1b9d5cd9d7bce7bd8c11b3750ad24365
compat-openldap-2.3.43_2.2.29-12.el5_6.7.x86_64.rpm
71ff0433122394f0803c89a0aeda5384 openldap-2.3.43-12.el5_6.7.i386.rpm
ef1452a331b8b09940d04f682e3d6d9c openldap-2.3.43-12.el5_6.7.x86_64.rpm
954427fb9322f24753d08f0af0ce6ce3
openldap-clients-2.3.43-12.el5_6.7.x86_64.rpm
286da168c4c143cbce2005a1d5e53452 openldap-devel-2.3.43-12.el5_6.7.i386.rpm
c49e47309ff8807a7fa0290d2f3282dd openldap-devel-2.3.43-12.el5_6.7.x86_64.rpm
86ecab8a1ab9f9445c8df00099e8b16d
openldap-servers-2.3.43-12.el5_6.7.x86_64.rpm
8a74ab9fad9fec4029b2e92bafea3cae
openldap-servers-overlays-2.3.43-12.el5_6.7.x86_64.rpm
53f24464ffb523afceb1a18db6047c14
openldap-servers-sql-2.3.43-12.el5_6.7.x86_64.rpm
Source:
4c93b8635fda1303ed603675e02fcdae openldap-2.3.43-12.el5_6.7.src.rpm
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke