[MBT] new ticket for pkg openldap "Possible DoS on openldap"
bugs at pld.org.pl
bugs at pld.org.pl
Fri Mar 28 17:17:13 CET 2003
Date: 2003-03-28 17:17:13+01 Author: (kreutzm) <kreutzm at itp.uni-hannover.de>
Title: Possible DoS on openldap
Ticket ID: #624
Ticket URL: http://bugs.pld.org.pl/?bug=624
Package: openldap-1:2.0.27-3
Distribution: PLD-1.0.updates.security
Category: security problem
Current state: opened
Text:
The Security advisory from Suse SuSE-SA:2003:0008
has the following note, which I don't know if it applies to PLD:
The BER decoding routines of the openldap2 packages for SL 8.1 and SLES8 contained a bug which allowed remote attackers to mount a DoS attack against vulnerable OpenLDAP servers. It is necessary to update the openldap2-devel, openldap2-client and openldap2 packages in order to prevent such attack.
This seems to be different from
Revision 1.121 2002/12/09 15:11:18 qboosh
- added secpatch patch from SuSE (buffer overflows etc.)
which steems from an earlier Security anouncement from SuSE.
More information about the pld-bugs
mailing list