Date: Tue, 7 Nov 2000 16:41:24 -0700
From: Kurt Seifried <seifried@SECURITYPORTAL.COM>
Subject: LSLID:2000110702 - Mandrake - nss_ldap - MDKSA-2000:066
To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM

LSLID:2000110702
====================

MandrakeSoft Security Advisory

Package name        nss_ldap
Date                November 3rd, 2000
Advisory ID         MDKSA-2000:066
Affected versions   7.0, 7.1, 7.2
Urgency             Essential

Problem Description:

A race condition exists in versions of nss_ldap prior to version 121. On a system running nscd, a malicious user can cause the system to hang.

Updated Packages:

Please upgrade to the following packages:

Linux-Mandrake 7.0:
44f932864c4865e791d309359be9b552  7.0/RPMS/nss_ldap-122-1mdk2.i586.rpm
62090065decf69e0fe91bda69fbc740d  7.0/SRPMS/nss_ldap-122-1mdk2.src.rpm

Linux-Mandrake 7.1:
48ae0b8cee5c27d86f3b1e3ff4c36af7  7.1/RPMS/nss_ldap-122-1mdk1.i586.rpm
0682fda285a8eaad9e9a7f467181d0d4  7.1/SRPMS/nss_ldap-122-1mdk1.src.rpm

Linux-Mandrake 7.2:
e1f6b51807d21faddf60fc984611b243  7.2/RPMS/nss_ldap-122-1mdk1.i586.rpm
0682fda285a8eaad9e9a7f467181d0d4  7.2/SRPMS/nss_ldap-122-1mdk1.src.rpm

References:

SecurityFocus: 2000-10-27: Padl Software nss_ldap Local Denial of Service Vulnerability

Upgrade:

To upgrade automatically, use MandrakeUpdate. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Uvh package_name".

Verification:

Please verify these md5 checksums of the updates prior to upgrading to ensure the integrity of the downloaded package. You can do this by running the md5sum program on the downloaded package by using "md5sum package.rpm".

These packages are also signed by the Linux Mandrake Security Team for security. Use our GnuPG key to verify the packages with RPM. You can verify each package with the "rpm --checksig package_name" command. You can also verify the md5sums of each package using "rpm --checksig --nogpg package_name".

Please note that in order to verify the GnuPG keys, you must have GnuPG installed, our public key added to your public key ring, and an RPM version of 3.0 or higher.
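The md5 check from the Verification section as a script; this is an added example, not part of the advisory. It selects entries by release because the 7.1 and 7.2 binary packages share a file name but carry different checksums. Assumptions: the package list above is saved to a text file in the same layout, the packages are downloaded under their base names, and the function name is hypothetical.

```shell
#!/bin/sh
# verify_advisory_sums LIST RELEASE DIR   (hypothetical helper, added example)
#   LIST     file holding the advisory's "<md5> <release>/<path>" lines
#   RELEASE  release prefix to check, e.g. 7.2
#   DIR      directory containing the downloaded .rpm files
# Usage: verify_advisory_sums mdksa-2000-066.txt 7.2 ./downloads
# Returns 0 only if at least one package was checked and none mismatched.
verify_advisory_sums() {
    list=$1
    release=$2
    dir=$3
    checked=0
    bad=0
    while read -r want path rest || [ -n "$want" ]; do
        # Headings ("Linux-Mandrake 7.2:") and blank lines are not entries.
        printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{32}$' || continue
        # Same file name can appear under several releases; match the prefix.
        case $path in
            "$release"/*) ;;
            *) continue ;;
        esac
        name=${path##*/}
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "SKIP  $name (not downloaded)"
            continue
        fi
        got=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK    $name"
        else
            echo "FAIL  $name: expected $want, got $got"
            bad=$((bad + 1))
        fi
    done < "$list"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

This covers only the md5 comparison; the GnuPG signature check with "rpm --checksig package_name" described above is a separate step.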