=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN309
_____________________________________________________________________

DATE                      : 08/06/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running OpenLDAP.

======================================================================

  _______________________________________________________________________

  Mandriva Linux Security Advisory                         MDKSA-2006:096
  http://www.mandriva.com/security/
  _______________________________________________________________________

  Package : openldap
  Date    : June 7, 2006
  Affected: 10.2, 2006.0, Corporate 3.0
  _______________________________________________________________________

  Problem Description:

  A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow
  attackers to execute arbitrary code via a long hostname.

  Packages have been patched to correct this issue.
  _______________________________________________________________________

  References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754
  _______________________________________________________________________

  Updated Packages:

  _______________________________________________________________________

  To upgrade automatically use MandrivaUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================


