![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Tue, 7 Nov 2000 16:41:24 -0700
From: Kurt Seifried <seifried@SECURITYPORTAL.COM>
Subject: LSLID:2000110702 - Mandrake - nss_ldap - MDKSA-2000:066
To: LINUX-SECURITY@LISTSERV.SECURITYPORTAL.COM
LSLID:2000110702
====================
MandrakeSoft Security Advisory
Package name nss_ldap
Date November 3rd, 2000
Advisory ID MDKSA-2000:066
Affected versions 7.0, 7.1, 7.2
Urgency Essential
Problem Description:
A race condition exists in versions of nss_ldap prior to version 121. On a
system running nscd, a malicious user can cause the system to hang.
Updated Packages:
Please upgrade to the following packages:
Linux-Mandrake 7.0:
44f932864c4865e791d309359be9b552 7.0/RPMS/nss_ldap-122-1mdk2.i586.rpm
62090065decf69e0fe91bda69fbc740d 7.0/SRPMS/nss_ldap-122-1mdk2.src.rpm
Linux-Mandrake 7.1:
48ae0b8cee5c27d86f3b1e3ff4c36af7 7.1/RPMS/nss_ldap-122-1mdk1.i586.rpm
0682fda285a8eaad9e9a7f467181d0d4 7.1/SRPMS/nss_ldap-122-1mdk1.src.rpm
Linux-Mandrake 7.2:
e1f6b51807d21faddf60fc984611b243 7.2/RPMS/nss_ldap-122-1mdk1.i586.rpm
0682fda285a8eaad9e9a7f467181d0d4 7.2/SRPMS/nss_ldap-122-1mdk1.src.rpm
References:
SecurityFocus: 2000-10-27: Padl Software nss_ldap Local Denial of Service
Vulnerability
Upgrade:
To upgrade automatically, use MandrakeUpdate.
If you want to upgrade manually, download the updated package from one of our
FTP server mirrors and uprade with "rpm -Uvh package_name".
Verification:
Please verify these md5 checksums of the updates prior to upgrading to ensure
the integrity of the downloaded package. You can do this by running the md5sum
program on the downloaded package by using "md5sum package.rpm".
These packages are also signed by the Linux Mandrake Security Team for security.
Use our GnuPG key to verify the packages with RPM.
You can verify each package with the "rpm --checksig package_name" command. You
can also verify the md5sums of each package using "rpm --checksig --nogpg
package_name". Please note that in order to verify the GnuPG keys, you must have
GnuPG installed, our public key added to your public key ring, and an RPM
version of 3.0 or higher.