[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 748/06 - Four Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 748/06 dated 15.11.06 time 14:40
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Four Mandriva Linux Security Advisories:

1. MDKA-2006:051 - Updated webmin to correct issues with various modules

2. MDKA-2006:052 - Updated opensc packages fix Oberthur smart card issues

3. MDKSA-2006:207 - Updated bind packages fixes RSA signature verification vulnerability

4. MDKSA-2006:208 - Updated openldap packages fixes Bind vulnerability

Detail
======

1.  Webmin is a web-based interface for system administration for Unix.
 For the Mandriva 2007.0 release, the webmin package received a patch to
 the operating system detection code to cope with the Mandriva name
 change. This patch unfortunately introduced a problem where many webmin
 modules would no longer work, like cron, MySQL and many others.

2.  Opensc is a library for accessing smart card devices. This update fixes
 a problem which prevented Oberthur smart cards from being recognized
 and used.

3.  The BIND DNS server is vulnerable to the recently-discovered OpenSSL
 RSA signature verification problem (CVE-2006-4339).  BIND uses RSA
 cryptography as part of its DNSSEC implementation.  As a result, to
 resolve the security issue, these packages need to be upgraded and for
 both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
 be generated using the "-e" option of dnssec-keygen, if the current
 keys were generated using the default exponent of 3.

4.  An unspecified vulnerability in OpenLDAP allows remote attackers to
 cause a denial of service (daemon crash) via a certain combination of
 SASL Bind requests that triggers an assertion failure in libldap.




1.




- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:051
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : webmin
 Date    : November 13, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Webmin is a web-based interface for system administration for Unix.

 For the Mandriva 2007.0 release, the webmin package received a patch to
 the operating system detection code to cope with the Mandriva name
 change. This patch unfortunately introduced a problem where many webmin
 modules would no longer work, like cron, MySQL and many others.

 This issue is fixed with this update.
 _______________________________________________________________________

 References:
 
 http://qa.mandriva.com/show_bug.cgi?id=26668
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 deebf1eaa1cf734f87540f60b50bdadf  2007.0/i586/webmin-1.290-4.3mdv2007.0.noarch.rpm 
 808bb01813d6b1925d0e1ec62bec9c37  2007.0/SRPMS/webmin-1.290-4.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 e817c051405290f0c890b0e79ee34a81  2007.0/x86_64/webmin-1.290-4.3mdv2007.0.noarch.rpm 
 808bb01813d6b1925d0e1ec62bec9c37  2007.0/SRPMS/webmin-1.290-4.3mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWKdgmqjQ0CJFipgRAmLAAJ9xTlLCTuwrfuKlaW/6c6w0UO0VQACeNsbN
lw+oJgNSzZmqhLIC1urNCsA=
=Cich
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Advisory                                   MDKA-2006:052
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : opensc
 Date    : November 13, 2006
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 Opensc is a library for accessing smart card devices. This update fixes
 a problem which prevented Oberthur smart cards from being recognized
 and used.
 _______________________________________________________________________

 References:
 
 http://qa.mandriva.com/show_bug.cgi?id=26248
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 c7c39e6b6bc0e6cc13ca5f22c07d361d  2007.0/i586/libopensc2-0.11.1-2.1mdv2007.0.i586.rpm
 ecf4b979eb57899d9481e7c72a604fc3  2007.0/i586/libopensc2-devel-0.11.1-2.1mdv2007.0.i586.rpm
 853936d2356f4bed442139eb15515701  2007.0/i586/mozilla-plugin-opensc-0.11.1-2.1mdv2007.0.i586.rpm
 92f0979fa29f2d15c3f9ce426c3426b2  2007.0/i586/opensc-0.11.1-2.1mdv2007.0.i586.rpm 
 ddd10adc040a6efa137e1f32c00ba07a  2007.0/SRPMS/opensc-0.11.1-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 2f6c5e3cc8a8b18cea8018627c62fd77  2007.0/x86_64/lib64opensc2-0.11.1-2.1mdv2007.0.x86_64.rpm
 3f4f67e45a0b71024cde51403b7c5ec0  2007.0/x86_64/lib64opensc2-devel-0.11.1-2.1mdv2007.0.x86_64.rpm
 aa44c9bef92c0a08e78ecdcdccbef6d0  2007.0/x86_64/mozilla-plugin-opensc-0.11.1-2.1mdv2007.0.x86_64.rpm
 b76df3588adf20ee80cad8d593a124db  2007.0/x86_64/opensc-0.11.1-2.1mdv2007.0.x86_64.rpm 
 ddd10adc040a6efa137e1f32c00ba07a  2007.0/SRPMS/opensc-0.11.1-2.1mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWLwqmqjQ0CJFipgRAiilAKCru4xAnSRH3zzJILcY0JcDKR81IgCgq+TE
oxh6GsHW7rxth7y8w/jZ2A0=
=vL5l
- -----END PGP SIGNATURE-----



3.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:207
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : bind
 Date    : November 14, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 The BIND DNS server is vulnerable to the recently-discovered OpenSSL
 RSA signature verification problem (CVE-2006-4339).  BIND uses RSA
 cryptography as part of its DNSSEC implementation.  As a result, to
 resolve the security issue, these packages need to be upgraded and for
 both KEY and DNSKEY record types, new RSASHA1 and RSAMD5 keys need to
 be generated using the "-e" option of dnssec-keygen, if the current
 keys were generated using the default exponent of 3.

 You are able to determine if your keys are vulnerable by looking at the
 algorithm (1 or 5) and the first three characters of the Base64 encoded
 RSA key.  RSAMD5 (1) and RSASHA1 (5) keys that start with "AQM", "AQN",
 "AQO", or "AQP" are vulnerable.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
 http://marc.theaimsgroup.com/?l=bind-announce&m=116253119512445
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1035f92172986ed63ca035de0603a0fd  2006.0/i586/bind-9.3.1-4.2.20060mdk.i586.rpm
 4f5949d85f13c68220f4f5f030f63849  2006.0/i586/bind-devel-9.3.1-4.2.20060mdk.i586.rpm
 f201e05548b673268038e95225451085  2006.0/i586/bind-utils-9.3.1-4.2.20060mdk.i586.rpm 
 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 83b6c31bef9e4df229e2fe5cf8c3aa2a  2006.0/x86_64/bind-9.3.1-4.2.20060mdk.x86_64.rpm
 fb03e9a493645041816c206267a052f4  2006.0/x86_64/bind-devel-9.3.1-4.2.20060mdk.x86_64.rpm
 f54babadfba3ec593563724208df1eaa  2006.0/x86_64/bind-utils-9.3.1-4.2.20060mdk.x86_64.rpm 
 4f57cbdc960171c439223f5c20952460  2006.0/SRPMS/bind-9.3.1-4.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 6c282a7b5c3cfec534e2557926005bbf  2007.0/i586/bind-9.3.2-8.1mdv2007.0.i586.rpm
 03390448f140777d62cdd76e50361526  2007.0/i586/bind-devel-9.3.2-8.1mdv2007.0.i586.rpm
 7546dc98ff5e8061636a3a75d6b318fb  2007.0/i586/bind-utils-9.3.2-8.1mdv2007.0.i586.rpm 
 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 c190d522505a16aa97891f525e0034a4  2007.0/x86_64/bind-9.3.2-8.1mdv2007.0.x86_64.rpm
 594cacdac86db81b0c62a7380c6a3a2d  2007.0/x86_64/bind-devel-9.3.2-8.1mdv2007.0.x86_64.rpm
 e827e65717615868896e43bcb4856f2d  2007.0/x86_64/bind-utils-9.3.2-8.1mdv2007.0.x86_64.rpm 
 8be8a7d591971e760d1251bd75f97a6c  2007.0/SRPMS/bind-9.3.2-8.1mdv2007.0.src.rpm

 Corporate 3.0:
 fa096b2fac1840797e382ba61728d47e  corporate/3.0/i586/bind-9.2.3-6.2.C30mdk.i586.rpm
 0f1e56f1f3a2689443c04b52d8ce5545  corporate/3.0/i586/bind-devel-9.2.3-6.2.C30mdk.i586.rpm
 99bf1f4127e97b8941b597aa5e19aa0a  corporate/3.0/i586/bind-utils-9.2.3-6.2.C30mdk.i586.rpm 
 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e74bea44aee406d11c87227584790c26  corporate/3.0/x86_64/bind-9.2.3-6.2.C30mdk.x86_64.rpm
 b108edf227b55f3af3ab55b48c23a62a  corporate/3.0/x86_64/bind-devel-9.2.3-6.2.C30mdk.x86_64.rpm
 ba548cbba992f479ad40ecf0808f36cb  corporate/3.0/x86_64/bind-utils-9.2.3-6.2.C30mdk.x86_64.rpm 
 2b49bd9c7edf8bd81b297260b54de32d  corporate/3.0/SRPMS/bind-9.2.3-6.2.C30mdk.src.rpm

 Corporate 4.0:
 8bfc97510d4f07568d64c9b9872b4bba  corporate/4.0/i586/bind-9.3.2-7.1.20060mlcs4.i586.rpm
 dda709703f8bf05f1ff59ae6132a81a7  corporate/4.0/i586/bind-devel-9.3.2-7.1.20060mlcs4.i586.rpm
 daf59d23abaaaf62c990d2fa1155688c  corporate/4.0/i586/bind-utils-9.3.2-7.1.20060mlcs4.i586.rpm 
 ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3d1bbe1e7d4f2de6e546996e181a16b0  corporate/4.0/x86_64/bind-9.3.2-7.1.20060mlcs4.x86_64.rpm
 c1b8467d62623ef5daf35a696ab2389e  corporate/4.0/x86_64/bind-devel-9.3.2-7.1.20060mlcs4.x86_64.rpm
 83cf57110f107c450aaac5931ee52ecb  corporate/4.0/x86_64/bind-utils-9.3.2-7.1.20060mlcs4.x86_64.rpm 
 ccfd1d4d79b168ab5f7998e51c305a26  corporate/4.0/SRPMS/bind-9.3.2-7.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 abd228e7f0b762ae8c11c8ecd90200c2  mnf/2.0/i586/bind-9.2.3-6.2.M20mdk.i586.rpm
 dd7b0785e31880a09d10957695c0552d  mnf/2.0/i586/bind-devel-9.2.3-6.2.M20mdk.i586.rpm
 0a2052e5f263b8b8d94111a581928c57  mnf/2.0/i586/bind-utils-9.2.3-6.2.M20mdk.i586.rpm 
 eff2c78779b4285783ffea14e6e33c31  mnf/2.0/SRPMS/bind-9.2.3-6.2.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWlnDmqjQ0CJFipgRAvl+AKCd5q51CkdHf1UnUJ4imb9Fzl5mZQCfaW5Z
6faoicEmIFqGW4QuEVIhCbU=
=bI0u
- -----END PGP SIGNATURE-----



4.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:208
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openldap
 Date    : November 14, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 An unspecified vulnerability in OpenLDAP allows remote attackers to
 cause a denial of service (daemon crash) via a certain combination of
 SASL Bind requests that triggers an assertion failure in libldap.

 Packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5779
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 b72665688e5e1ff9b6fe0e681af6cb05  2006.0/i586/libldap2.3_0-2.3.6-4.3.20060mdk.i586.rpm
 84a2dc039815bb6d67683d4e63ca0621  2006.0/i586/libldap2.3_0-devel-2.3.6-4.3.20060mdk.i586.rpm
 1fbf4c412d038ed9b8f858e33a35ead5  2006.0/i586/libldap2.3_0-static-devel-2.3.6-4.3.20060mdk.i586.rpm
 7bcd4adfab46638fb4dad1e348bc59bf  2006.0/i586/openldap-2.3.6-4.3.20060mdk.i586.rpm
 639fa71315c66e551ac238c9f3de2bd4  2006.0/i586/openldap-clients-2.3.6-4.3.20060mdk.i586.rpm
 852dd34144c00b4133ec682ec51bc9e6  2006.0/i586/openldap-doc-2.3.6-4.3.20060mdk.i586.rpm
 6dfb754e096a7b5938abdc2e9075f1db  2006.0/i586/openldap-servers-2.3.6-4.3.20060mdk.i586.rpm 
 33c1cbabec53f8a4ae97814ee00ede84  2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 6d18e8fcd352be094574246da2a79c42  2006.0/x86_64/lib64ldap2.3_0-2.3.6-4.3.20060mdk.x86_64.rpm
 b27b5f57402c4a3f962804f1b704f1a2  2006.0/x86_64/lib64ldap2.3_0-devel-2.3.6-4.3.20060mdk.x86_64.rpm
 c637b0949ac7724b60bac03f00844ecd  2006.0/x86_64/lib64ldap2.3_0-static-devel-2.3.6-4.3.20060mdk.x86_64.rpm
 e04a970029040bc722942d6a04db4710  2006.0/x86_64/openldap-2.3.6-4.3.20060mdk.x86_64.rpm
 246c24e419b857592a719e6d02f4d1d9  2006.0/x86_64/openldap-clients-2.3.6-4.3.20060mdk.x86_64.rpm
 97c6bfac30389a0b3a64c7d7783a3e9a  2006.0/x86_64/openldap-doc-2.3.6-4.3.20060mdk.x86_64.rpm
 31dcb6111bcb5204d47f86bf210daa27  2006.0/x86_64/openldap-servers-2.3.6-4.3.20060mdk.x86_64.rpm 
 33c1cbabec53f8a4ae97814ee00ede84  2006.0/SRPMS/openldap-2.3.6-4.3.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 39b1958af245ecfcecf20c97ad4bc166  2007.0/i586/libldap2.3_0-2.3.27-1.1mdv2007.0.i586.rpm
 c40f187a17e9cc9343072d2cb85c907c  2007.0/i586/libldap2.3_0-devel-2.3.27-1.1mdv2007.0.i586.rpm
 26791df1fecb524951de012a18cd0bee  2007.0/i586/libldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.i586.rpm
 89b2d92928afb2c7ecfaa0e1cb19c2fc  2007.0/i586/openldap-2.3.27-1.1mdv2007.0.i586.rpm
 110928ada569de751e90b6458f15d70c  2007.0/i586/openldap-clients-2.3.27-1.1mdv2007.0.i586.rpm
 02ab9fa4f2df8939006274859bad973e  2007.0/i586/openldap-doc-2.3.27-1.1mdv2007.0.i586.rpm
 f1c1cdd706a0d588169f43fdf0364798  2007.0/i586/openldap-servers-2.3.27-1.1mdv2007.0.i586.rpm 
 f5dca5dfc0b0b9dc943eb91329d5edd4  2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 842e1009b0f1df726c6782ccc44a9f8e  2007.0/x86_64/lib64ldap2.3_0-2.3.27-1.1mdv2007.0.x86_64.rpm
 14a0154ec9c9c14cff5f1071792188fa  2007.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
 08be2ac440ca59f1d572f15479c2813a  2007.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1mdv2007.0.x86_64.rpm
 15d356bbf748f5ac65068e51aeed23f6  2007.0/x86_64/openldap-2.3.27-1.1mdv2007.0.x86_64.rpm
 d90efede17b72263125047dedfcf8ede  2007.0/x86_64/openldap-clients-2.3.27-1.1mdv2007.0.x86_64.rpm
 ab5d0a91199c1e3f72bccbec7de94d9c  2007.0/x86_64/openldap-doc-2.3.27-1.1mdv2007.0.x86_64.rpm
 959d798ef393b2ce85aff8311390f41c  2007.0/x86_64/openldap-servers-2.3.27-1.1mdv2007.0.x86_64.rpm 
 f5dca5dfc0b0b9dc943eb91329d5edd4  2007.0/SRPMS/openldap-2.3.27-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 f3499debd45315f02d33eda18e5c86b7  corporate/3.0/i586/libldap2-2.1.25-7.3.C30mdk.i586.rpm
 68ca2a014ada5bbd31214cf028b37463  corporate/3.0/i586/libldap2-devel-2.1.25-7.3.C30mdk.i586.rpm
 aa5847991ac3354a5ea0a1bad87b0a67  corporate/3.0/i586/libldap2-devel-static-2.1.25-7.3.C30mdk.i586.rpm
 628a3eaff7a146fb0bb1d8d90ecb42e0  corporate/3.0/i586/openldap-2.1.25-7.3.C30mdk.i586.rpm
 957f7be83dbf78efd6a2d268d9141ff6  corporate/3.0/i586/openldap-back_dnssrv-2.1.25-7.3.C30mdk.i586.rpm
 4ce6284c6afd75d84ea37606ae1d6e93  corporate/3.0/i586/openldap-back_ldap-2.1.25-7.3.C30mdk.i586.rpm
 270c11c28dfc20c64e1533d2898d36cf  corporate/3.0/i586/openldap-back_passwd-2.1.25-7.3.C30mdk.i586.rpm
 5d7d58339e9201248fc010575cb31869  corporate/3.0/i586/openldap-back_sql-2.1.25-7.3.C30mdk.i586.rpm
 a9abf93db02be8a440e1552f68de461f  corporate/3.0/i586/openldap-clients-2.1.25-7.3.C30mdk.i586.rpm
 276f933bf4b2b4ec2154c1711e390528  corporate/3.0/i586/openldap-doc-2.1.25-7.3.C30mdk.i586.rpm
 e5413f3739f4f0b05d5613fcfe4ed440  corporate/3.0/i586/openldap-migration-2.1.25-7.3.C30mdk.i586.rpm
 b853003aec279c201f340c2a4e522b6d  corporate/3.0/i586/openldap-servers-2.1.25-7.3.C30mdk.i586.rpm 
 184104c031fff375d12005fac7d6352e  corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 69b5e3f05a202fe319c547c376c26f43  corporate/3.0/x86_64/lib64ldap2-2.1.25-7.3.C30mdk.x86_64.rpm
 86e94f0d7df100c840f8fa649f2c8f04  corporate/3.0/x86_64/lib64ldap2-devel-2.1.25-7.3.C30mdk.x86_64.rpm
 ec89988f5d9f6bf013de22736735ad3a  corporate/3.0/x86_64/lib64ldap2-devel-static-2.1.25-7.3.C30mdk.x86_64.rpm
 12f6b3d614fde22c3d1d0458b47b2e09  corporate/3.0/x86_64/openldap-2.1.25-7.3.C30mdk.x86_64.rpm
 9e70aa982d5edf76205affe8c6547c7c  corporate/3.0/x86_64/openldap-back_dnssrv-2.1.25-7.3.C30mdk.x86_64.rpm
 0ca56de551113c06139523c8060ee04f  corporate/3.0/x86_64/openldap-back_ldap-2.1.25-7.3.C30mdk.x86_64.rpm
 e120437dc64eecb38695827b659d534d  corporate/3.0/x86_64/openldap-back_passwd-2.1.25-7.3.C30mdk.x86_64.rpm
 c3f0c912cf165a322d1e490c02b46b7c  corporate/3.0/x86_64/openldap-back_sql-2.1.25-7.3.C30mdk.x86_64.rpm
 572a10324d86c9376e7b585617daeecb  corporate/3.0/x86_64/openldap-clients-2.1.25-7.3.C30mdk.x86_64.rpm
 0ea5646134953fa6a599ba1dc52c5c67  corporate/3.0/x86_64/openldap-doc-2.1.25-7.3.C30mdk.x86_64.rpm
 12271a5c7103edc6515fc13f13ae390d  corporate/3.0/x86_64/openldap-migration-2.1.25-7.3.C30mdk.x86_64.rpm
 60d1bc217a56e8ed0acccf9243f77e42  corporate/3.0/x86_64/openldap-servers-2.1.25-7.3.C30mdk.x86_64.rpm 
 184104c031fff375d12005fac7d6352e  corporate/3.0/SRPMS/openldap-2.1.25-7.3.C30mdk.src.rpm

 Corporate 4.0:
 7a96aee0968898d0a46ac7107849ea56  corporate/4.0/i586/libldap2.3_0-2.3.27-1.1.20060mlcs4.i586.rpm
 f98daa7a97e82d79fac31548c85c456b  corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.1.20060mlcs4.i586.rpm
 cf50b0867443ec18b5849a7bef113eb5  corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.i586.rpm
 614aff258fbd40b6823280a70bcfb17c  corporate/4.0/i586/openldap-2.3.27-1.1.20060mlcs4.i586.rpm
 7a27a65d85b8e40413c72745c8b9daff  corporate/4.0/i586/openldap-clients-2.3.27-1.1.20060mlcs4.i586.rpm
 aefdaa8925507142a24d1d416e71d82e  corporate/4.0/i586/openldap-doc-2.3.27-1.1.20060mlcs4.i586.rpm
 f24e13fcae66cd5905ac8cf0bc85a687  corporate/4.0/i586/openldap-servers-2.3.27-1.1.20060mlcs4.i586.rpm 
 c5d9d03480f8377b56765da2b82d7645  corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b82aaccd80eb00bce088c527d246da23  corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.1.20060mlcs4.x86_64.rpm
 081db34fc9f26674c5f3e66dbf55beb7  corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
 bae33dc8d695f5066afb02758d3a6ccb  corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.1.20060mlcs4.x86_64.rpm
 36ba69c7f7ae3664ac5a9f1ce5d15294  corporate/4.0/x86_64/openldap-2.3.27-1.1.20060mlcs4.x86_64.rpm
 5ec8ee09c948ef6e83287ca6855b730a  corporate/4.0/x86_64/openldap-clients-2.3.27-1.1.20060mlcs4.x86_64.rpm
 58445377fced4fe1c64b4f5e1c484eaa  corporate/4.0/x86_64/openldap-doc-2.3.27-1.1.20060mlcs4.x86_64.rpm
 076df2a66bbee52c444ab19f3268d5db  corporate/4.0/x86_64/openldap-servers-2.3.27-1.1.20060mlcs4.x86_64.rpm 
 c5d9d03480f8377b56765da2b82d7645  corporate/4.0/SRPMS/openldap-2.3.27-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFWoQqmqjQ0CJFipgRAq51AKCEDMu1gc4XvH1izr47rjj+e5+4OwCfZExo
J1MXuWqzXUuZLK8czYHBx7I=
=s8yk
- -----END PGP SIGNATURE-----



______________________________________________________________________________

NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Mandriva for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRVslVml7oeQsXfKvEQKgqQCfSSMrLxKcBbtoD6RQ2n/FitlyOO4AoLj/
YtcwtreuthXTteLTsUZZZkdj
=2yW0
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________