OpenLDAP Multiple Buffer Overflow Vulnerabilities
Sun has released fixes to address this vulnerability in Sun Linux 5.0.7. Affected users are advised to apply the relevant fixes as soon as possible. Please see the Sun reference (Sun Linux Support - Sun Linux Patches (Sun)) for further details on obtaining and applying the appropriate fixes.
Gentoo Linux has released an advisory. Users who have installed net-nds/openldap-2.0.25-r2 are advised to update their systems by issuing the following commands:
Debian has released an advisory (DSA 227-1) which addresses this issue. Users should refer to the attached advisory for details on obtaining and applying fixes.
Trustix Secure Linux has released an advisory (TSLSA-2003-0002) which addresses this and other OpenLDAP issues. Users are advised to upgrade as soon as possible.
Red Hat has released an advisory (RHSA-2002:312) containing fixes to address this issue in Enterprise Linux and Linux Advanced Workstation. Fixes for these releases are only available through the Red Hat Network, and can be obtained using the following link:
SGI has released an advisory (20031002-01-U) pertaining to its ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDs.
Patch 10027 can be obtained via the following link:
For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.
The following fixes are available:
OpenLDAP OpenLDAP 1.2.11
OpenLDAP OpenLDAP 1.2.13
OpenLDAP OpenLDAP 1.2.9
OpenLDAP OpenLDAP 2.0.11
OpenLDAP OpenLDAP 2.0.12
OpenLDAP OpenLDAP 2.0.14
OpenLDAP OpenLDAP 2.0.21
OpenLDAP OpenLDAP 2.0.23
OpenLDAP OpenLDAP 2.0.25
OpenLDAP OpenLDAP 2.0.7
Sun Linux 5.0.7