[RHSA-2008:0268-01] Critical: Red Hat Directory Server 7.1 Service Pack 6 security update

Fri May 9 17:37:02 UTC 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Directory Server 7.1 Service Pack 6 security update
Advisory ID:       RHSA-2008:0268-01
Product:           Red Hat Directory Server
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2008-0268.html
Issue date:        2008-05-09
CVE Names:         CVE-2008-1677 
=====================================================================

1. Summary:

An updated redhat-ds package that addresses a security issue is now
available as Red Hat Directory Server 7.1, Service Pack 6.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL 3 Directory Server AS - i386
RHEL 3 Directory Server ES - i386
RHEL 4 Directory Server AS - i386
RHEL 4 Directory Server ES - i386

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server.

A buffer overflow flaw was found in the Red Hat Directory Server 7.1
regular expression handler. An unauthenticated attacker could construct a
malicious LDAP query that could cause the LDAP server to crash or possibly
execute arbitrary code. (CVE-2008-1677)

For more information about Service Pack 6, including upgrade and
installation instructions for users running Red Hat Directory Server 7.1 on
Solaris, please refer to the Red Hat Directory Server 7.1 SP6 release
notes, available at:

http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP6/

All users of Red Hat Directory Server 7.1 should upgrade to Service Pack 6,
which resolves this issue.

4. Solution:

This update is available via Red Hat Network.

Users running Red Hat Directory Server 7.1 on Red Hat Enterprise Linux
should consult the following Knowledge Base article for instruction on how
to install updated RPM packages: http://kbase.redhat.com/faq/FAQ_58_10188

Users running Red Hat Directory Server 7.1 on Solaris should consult the
Service Pack 6 release notes (see above for URL) for installation and
upgrade instructions.

5. Bugs fixed (http://bugzilla.redhat.com/):

182621 - Allow larger regex buffer to enable long substring filters
444712 - CVE-2008-1677 Directory Server: insufficient buffer size for search patterns

6. Package List:

RHEL 3 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 3 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL3.i386.rpm

RHEL 4 Directory Server AS:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

RHEL 4 Directory Server ES:

i386:
redhat-ds-7.1SP6-9.RHEL4.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1677
http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2008 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFIJIuQXlSAg2UNWIIRAjOoAJ9wiAxKLKm8ZjAFGn2RDQ5g3nP42gCfRd0V
4l9At+t70KcCLgD7GvCE5cg=
=WTzF
-----END PGP SIGNATURE-----