______________________________________________________________________ Mandrake Linux Security Update Advisory ______________________________________________________________________ Package name: openldap Advisory ID: MDKSA-2002:013 Date: February 11th, 2002 Affected versions: 8.0, 8.1 ______________________________________________________________________ Problem Description: A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing it's values with an empty list. Schema checking is still enforced, so a user can only remove attributes that the schema does not require the object to possess. ______________________________________________________________________ References: http://www.openldap.org/lists/openldap-announce/200201/msg00002.html ______________________________________________________________________ Updated Packages: Mandrake Linux 8.0: a4ea2aa5bb6c7c4b934c1800333c0110 8.0/RPMS/libldap2-2.0.21-1.1mdk.i586.rpm 40bc04709e1b3db1da7265126fff0b13 8.0/RPMS/libldap2-devel-2.0.21-1.1mdk.i586.rpm c45e4e7fb4f3e51b1ece20cdb52d3e67 8.0/RPMS/libldap2-devel-static-2.0.21-1.1mdk.i586.rpm 85705191370619eccd7a9b2236824017 8.0/RPMS/openldap-2.0.21-1.1mdk.i586.rpm 0250dfede9e550fa249d25da89febb7a 8.0/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.i586.rpm c881500493f181cdf296c6c8bf13f7d9 8.0/RPMS/openldap-back_ldap-2.0.21-1.1mdk.i586.rpm e24c83f2e4c425f1d612893f62c82b8c 8.0/RPMS/openldap-back_passwd-2.0.21-1.1mdk.i586.rpm 550d03d3981388c1a52e3b03d599f5e0 8.0/RPMS/openldap-back_sql-2.0.21-1.1mdk.i586.rpm 4ed6fd689475cc64a0164fb480eb21f1 8.0/RPMS/openldap-clients-2.0.21-1.1mdk.i586.rpm 844b6fefc89169f7d494e642c92ff663 8.0/RPMS/openldap-guide-2.0.21-1.1mdk.i586.rpm 9f7e5592d36bb6659f998ca8a8d081f6 8.0/RPMS/openldap-migration-2.0.21-1.1mdk.i586.rpm ea0c8d785910c0ddba8beca9be03de43 8.0/RPMS/openldap-servers-2.0.21-1.1mdk.i586.rpm 0285330fe55e658eb3b445b3ec9f3153 8.0/RPMS/php-ldap-4.0.6-2.3mdk.i586.rpm c80bbb15fb0138100eac3048a9bf3922 8.0/SRPMS/openldap-2.0.21-1.1mdk.src.rpm 1c85de046d4fdaa5e61697c4971e8a3e 8.0/SRPMS/php-ldap-4.0.6-2.3mdk.src.rpm Mandrake Linux 8.0/ppc: c4e1d8fa267d602d572e3d6cc1733c20 ppc/8.0/RPMS/libldap2-2.0.21-1.1mdk.ppc.rpm f384da84692eae4bc329f6ea819f4ee9 ppc/8.0/RPMS/libldap2-devel-2.0.21-1.1mdk.ppc.rpm de3a17f974867c440fbdf0c895da5c6a ppc/8.0/RPMS/libldap2-devel-static-2.0.21-1.1mdk.ppc.rpm 65a34a39b3390a9096d7585e28bf41f6 ppc/8.0/RPMS/openldap-2.0.21-1.1mdk.ppc.rpm cf59e173f02bf6b40c3e0cbffcd1c6f0 ppc/8.0/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.ppc.rpm e1fff4d04c41e93849adbb44e69a8d16 ppc/8.0/RPMS/openldap-back_ldap-2.0.21-1.1mdk.ppc.rpm 9761d8c4884694395b24378b570a7a6a ppc/8.0/RPMS/openldap-back_passwd-2.0.21-1.1mdk.ppc.rpm 57c903b08c537f7d9bfed49001359a42 ppc/8.0/RPMS/openldap-back_sql-2.0.21-1.1mdk.ppc.rpm 0fa23cb53df25a25b281e2626d8cb7ea ppc/8.0/RPMS/openldap-clients-2.0.21-1.1mdk.ppc.rpm 6383cb6ee54c42988473a1e0ba25b919 ppc/8.0/RPMS/openldap-guide-2.0.21-1.1mdk.ppc.rpm b421651eb7fb765f2ba559236b661913 ppc/8.0/RPMS/openldap-migration-2.0.21-1.1mdk.ppc.rpm ace71e29d6176ee1222399b586862b7e ppc/8.0/RPMS/openldap-servers-2.0.21-1.1mdk.ppc.rpm 2d789452df385b00d0f12415f6e9b59d ppc/8.0/RPMS/php-ldap-4.0.6-2.3mdk.ppc.rpm c80bbb15fb0138100eac3048a9bf3922 ppc/8.0/SRPMS/openldap-2.0.21-1.1mdk.src.rpm 1c85de046d4fdaa5e61697c4971e8a3e ppc/8.0/SRPMS/php-ldap-4.0.6-2.3mdk.src.rpm Mandrake Linux 8.1: 6e5171b6b3e6581d5ef5e15c41c9035d 8.1/RPMS/libldap2-2.0.21-1.1mdk.i586.rpm 472753f50ba6e64c88707af4438afe77 8.1/RPMS/libldap2-devel-2.0.21-1.1mdk.i586.rpm d3595c25d4aa67e19dc82881f46d1442 8.1/RPMS/libldap2-devel-static-2.0.21-1.1mdk.i586.rpm 904a950261ccf85ef78044a8ccf9a288 8.1/RPMS/openldap-2.0.21-1.1mdk.i586.rpm 63fa21f0ba0ab3d6634ff04e764e4563 8.1/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.i586.rpm 551940bb0358ff36b79dd8b2d6b3a9e9 8.1/RPMS/openldap-back_ldap-2.0.21-1.1mdk.i586.rpm 4831a196a71a84dec17ce5fc1bd505ee 8.1/RPMS/openldap-back_passwd-2.0.21-1.1mdk.i586.rpm efe4fd7721b7832e302c04dac70ca7f5 8.1/RPMS/openldap-back_sql-2.0.21-1.1mdk.i586.rpm bfa2044b93cd24e8fe12b35bb1d94fdf 8.1/RPMS/openldap-clients-2.0.21-1.1mdk.i586.rpm de8cafd8590e2ed7208fdd4df39003b1 8.1/RPMS/openldap-guide-2.0.21-1.1mdk.i586.rpm 16c7a80d0f0d8b9aebf23b7bdfa73887 8.1/RPMS/openldap-migration-2.0.21-1.1mdk.i586.rpm 9f500030ec136c56a3049a46d2264723 8.1/RPMS/openldap-servers-2.0.21-1.1mdk.i586.rpm 2c9ea69da75488c3ad505a5879424860 8.1/RPMS/php-ldap-4.0.6-3.1mdk.i586.rpm c80bbb15fb0138100eac3048a9bf3922 8.1/SRPMS/openldap-2.0.21-1.1mdk.src.rpm 8904f1651e936d04d064831fffd396be 8.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm Mandrake Linux 8.1/ia64: 75d918f8733e9e7ab6bce3b67877a817 ia64/8.1/RPMS/libldap2-2.0.21-1.1mdk.ia64.rpm f36ad2bdba15cb59f388e8af0640af23 ia64/8.1/RPMS/libldap2-devel-2.0.21-1.1mdk.ia64.rpm 39b781a5573ead30dc82ff1b62557a5b ia64/8.1/RPMS/libldap2-devel-static-2.0.21-1.1mdk.ia64.rpm a304a3f37dbcfbcefc7713e778db2266 ia64/8.1/RPMS/openldap-2.0.21-1.1mdk.ia64.rpm 3f20234f9ac223169e737a7fa66edcc7 ia64/8.1/RPMS/openldap-back_dnssrv-2.0.21-1.1mdk.ia64.rpm b83e978653e60b03acb7df7b3e1eeb52 ia64/8.1/RPMS/openldap-back_ldap-2.0.21-1.1mdk.ia64.rpm 9b4933b726790bbf5d1942da26c12d8d ia64/8.1/RPMS/openldap-back_passwd-2.0.21-1.1mdk.ia64.rpm cb19a3584ac1332a935cbc8a6fb5b910 ia64/8.1/RPMS/openldap-back_sql-2.0.21-1.1mdk.ia64.rpm ac19dca5b367df61902387e2909335ff ia64/8.1/RPMS/openldap-clients-2.0.21-1.1mdk.ia64.rpm 19e1eb8a69cb7454581d4dac7c97d5d8 ia64/8.1/RPMS/openldap-guide-2.0.21-1.1mdk.ia64.rpm eaa92675635c73d6a12d7339a7404dca ia64/8.1/RPMS/openldap-migration-2.0.21-1.1mdk.ia64.rpm 5ca2da579c85ea86ceb477f0a6223fea ia64/8.1/RPMS/openldap-servers-2.0.21-1.1mdk.ia64.rpm 7935fe763fe3ad440dc72aef5dbc3d5b ia64/8.1/RPMS/php-ldap-4.0.6-3.1mdk.ia64.rpm c80bbb15fb0138100eac3048a9bf3922 ia64/8.1/SRPMS/openldap-2.0.21-1.1mdk.src.rpm 8904f1651e936d04d064831fffd396be ia64/8.1/SRPMS/php-ldap-4.0.6-3.1mdk.src.rpm ______________________________________________________________________ Bug IDs fixed (see https://qa.mandrakesoft.com for more information): ______________________________________________________________________ To upgrade automatically, use MandrakeUpdate. The verification of md5 checksums and GPG signatures is performed automatically for you. If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP mirrors can be obtained from: http://www.mandrakesecure.net/en/ftp.php Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command: rpm --checksig <filename> All packages are signed by MandrakeSoft for security. You can obtain the GPG public key of the Mandrake Linux Security Team from: https://www.mandrakesecure.net/RPM-GPG-KEYS Please be aware that sometimes it takes the mirrors a few hours to update. You can view other update advisories for Mandrake Linux at: http://www.mandrakesecure.net/en/advisories/ MandrakeSoft has several security-related mailing list services that anyone can subscribe to. Information on these lists can be obtained by visiting: http://www.mandrakesecure.net/en/mlist.php If you want to report vulnerabilities, please contact security@linux-mandrake.com ______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.0.5 (GNU/Linux) Comment: For info see http://www.gnupg.org mQGiBDlp594RBAC2tDozI3ZgQsE7XwxurJCJrX0L5vx7SDByR5GHDdWekGhdiday L4nfUax+SeR9SCoCgTgPW1xB8vtQc8/sinJlMjp9197a2iKM0FOcPlkpa3HcOdt7 WKJqQhlMrHvRcsivzcgqjH44GBBJIT6sygUF8k0lU6YnMHj5MPc/NGWt8wCg9vKo P0l5QVAFSsHtqcU9W8cc7wMEAJzQsAlnvPXDBfBLEH6u7ptWFdp0GvbSuG2wRaPl hynHvRiE01ZvwbJZXsPsKm1z7uVoW+NknKLunWKB5axrNXDHxCYJBzY3jTeFjsqx PFZkIEAQphLTkeXXelAjQ5u9tEshPswEtMvJvUgNiAfbzHfPYmq8D6x5xOw1IySg 2e/LBACxr2UJYCCB2BZ3p508mAB0RpuLGukq+7UWiOizy+kSskIBg2O7sQkVY/Cs iyGEo4XvXqZFMY39RBdfm2GY+WB/5NFiTOYJRKjfprP6K1YbtsmctsX8dG+foKsD LLFs7OuVfaydLQYp1iiN6D+LJDSMPM8/LCWzZsgr9EKJ8NXiyrQ6TGludXggTWFu ZHJha2UgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAbGludXgtbWFuZHJha2UuY29t PohWBBMRAgAWBQI5aefeBAsKBAMDFQMCAxYCAQIXgAAKCRCaqNDQIkWKmK6LAKCy /NInDsaMSI+WHwrquwC5PZrcnQCeI+v3gUDsNfQfiKBvQSANu1hdulqIRgQQEQIA BgUCOtNVGQAKCRBZ5w3um0pAJJWQAKDUoL5He+mKbfrMaTuyU5lmRyJ0fwCgoFAP WdvQlu/kFjphF740XeOwtOqIRgQQEQIABgUCOu8A6QAKCRBynDnb9lq3CnpjAJ4w Pk0SEE9U4r40IxWpwLU+wrWVugCdFfSPllPpZRCiaC7HwbFcfExRmPa5AQ0EOWnn 7xAEAOQlTVY4TiNo5V/iP0J1xnqjqlqZsU7yEBKo/gZz6/+hx75RURe1ebiJ9F77 9FQbpJ9Epz1KLSXvq974rnVb813zuGdmgFyk+ryA/rTR2RQ8h+EoNkwmATzRxBXV Jb57fFQjxOu4eNjZAtfII/YXb0uyXXrdr5dlJ/3eXrcO4p0XAAMFBACCxo6Z269s +A4v8C6Ui12aarOQcCDlV8cVG9LkyatU3FNTlnasqwo6EkaP572448weJWwN6SCX Vl+xOYLiK0hL/6Jb/O9Agw75yUVdk+RMM2I4fNEi+y4hmfMh2siBv8yEkEvZjTcl 3TpkTfzYky85tu433wmKaLFOv0WjBFSikohGBBgRAgAGBQI5aefvAAoJEJqo0NAi RYqYid0AoJgeWzXrEdIClBOSW5Q6FzqJJyaqAKC0Y9YI3UFlE4zSIGjcFlLJEJGX lA== =0ahQ - -----END PGP PUBLIC KEY BLOCK-----