| Problem Description |
A format string flaw was discovered in the way that auth_ldap logs
information. The flaw may allow a remote attacker to execute arbitrary
code as the apache user if auth_ldap is used for authentication.
This update provides version 1.6.1 of auth_ldap which corrects the
problem. Only Corporate Server 2.1 shipped with a supported auth_ldap
package.
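The class of bug described above, as an added illustration in C (not auth_ldap's code, which this advisory does not show): a printf-style log helper called with untrusted text as its format string, next to the corrected call. The names log_line, log_user_flawed, log_user_fixed and count_directives, and the sample input, are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style log helper, standing in for a module's logger. */
static void log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Flawed pattern: untrusted text is passed as the format string itself. */
static void log_user_flawed(char *out, size_t n, const char *user)
{
    log_line(out, n, user);
}

/* Corrected pattern: constant format, untrusted text is only an argument. */
static void log_user_fixed(char *out, size_t n, const char *user)
{
    log_line(out, n, "%s", user);
}

/* Review aid: count '%' directives in a string; the escape "%%" is skipped. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%')
            s++;            /* literal percent sign */
        else
            count++;        /* start of a conversion directive */
    }
    return count;
}

int main(void)
{
    /* Constructed input; "%%" keeps the flawed call well-defined here. */
    const char *user = "cn=a%%b";
    char flawed[64], fixed[64];
    log_user_flawed(flawed, sizeof flawed, user);
    log_user_fixed(fixed, sizeof fixed, user);
    printf("flawed: %s\nfixed:  %s\n", flawed, fixed);
    return 0;
}
```

The flawed call rewrites the input because the logger interprets it; the fixed call records it byte for byte.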
| Updated Packages |
Corporate Server 2.1
a579c887e48daaa8281ecdc4e1381fa0 corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.i586.rpm
3af337e3989aed18d9c6e634ecb3e47b corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64
b3c27d91b6fa68e557507318c8e18f0c x86_64/corporate/2.1/RPMS/mod_auth_ldap-1.6.1-1.2.C21mdk.x86_64.rpm
3af337e3989aed18d9c6e634ecb3e47b x86_64/corporate/2.1/SRPMS/auth_ldap-1.6.1-1.2.C21mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0150
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.
