Oval Definition:oval:com.redhat.rhsa:def:20070430
Revision Date:2007-06-11Version:632
Title:RHSA-2007:0430: openldap security and bug-fix update (Low)
Description:OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools.

  • A flaw was found in the way OpenLDAP handled selfwrite access. Users with selfwrite access were able to modify the distinguished name of any user. Users with selfwrite access should only be able to modify their own distinguished name. (CVE-2006-4600)

    A memory leak bug was found in OpenLDAP's ldap_start_tls_s() function. An application using this function could result in an Out Of Memory (OOM) condition, crashing the application.

    All users are advised to upgrade to this updated openldap package, which contains a backported fix and is not vulnerable to these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2006-4600
    RHSA-2007:0430
    RHSA-2007:0430-01
    RHSA-2007:0430-01
    Platform(s):Red Hat Enterprise Linux 3
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • openldap is earlier than 0:2.0.27-23
  • AND openldap is signed with Red Hat master key
  • openldap-clients is earlier than 0:2.0.27-23
  • AND openldap-clients is signed with Red Hat master key
  • openldap-devel is earlier than 0:2.0.27-23
  • AND openldap-devel is signed with Red Hat master key
  • openldap-servers is earlier than 0:2.0.27-23
  • AND openldap-servers is signed with Red Hat master key
    • BACK