[Security Fix] OpenLDAP

To: netbsd current <current-users%netbsd.org@localhost>
Subject: [Security Fix] OpenLDAP
From: Adrian Portelli <adrianp%NetBSD.org@localhost>
Date: Sun, 17 Aug 2008 12:28:58 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

On the 22nd May 2008 OpenLDAP 2.4.9 was imported into HEAD. On the 11th
August 2008 the NetBSD Security Officer team became aware of a security
issue in the version imported into HEAD.

The original advisory for this issue can be found at:

~ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2952

This vulnerability does not exist in the NetBSD 3.x or 4.x code bases.
However, NetBSD-current was found to be vulnerable to this issue.

This issue was fixed in the NetBSD CVS tree on the 13th August 2008.
Users currently running NetBSD-current from sources before 13th August
2008 may wish to update their sources.

Users running with sources from after 13th August 2008 will have the
updated OpenLDAP 2.4.11 which includes a fix for this issue.

On behalf of security-officer@,

adrian.
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkioC24ACgkQLc2rR0mnFJ/hawCgiAVCrsYqS5LI4fKt2nWDNpsS
qLUAoPQ2nf9RdjL87rKpewqVzW5JvBo8
=WA7A
-----END PGP SIGNATURE-----

Prev by Date: daily CVS update output
Next by Date: Re: wpa_supplicant before dhcpcd
Previous by Thread: Re: CVS commit: src/usr.bin/patch
Next by Thread: problem with vnc viewer not drawing a window
Indexes:

Home | Main Index | Thread Index | Old Index