AnNyung Official Homepage Home > Update [ 1.2 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



openldap 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1129822850
업데이트 : 2005.10.21

상세내용

nss_ldap package 신규 추가

CAN-2004-0823:
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5
and possibly other operating systems, may allow certain authentication
schemes to use hashed (crypt) passwords in the userPassword attribute
as if they were plaintext passwords, which allows remote attackers to
re-use hashed passwords without decrypting them.

CAN-2005-2069:
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave
using TLS, does not use TLS for the subsequent connection if the client
is referred to a master, which may cause a password to be sent in
cleartext and allows remote attackers to sniff the password.


Autoupdates 지원 : Packages System
  pkgadd -F openldap*


update 패키지

  RPMS :

    . openldap-2.0.27-20.i686.rpm
    . openldap-devel-2.0.27-20.i686.rpm
    . openldap-clients-2.0.27-20.i686.rpm
    . openldap-servers-2.0.27-20.i686.rpm
    . nss_ldap-207-17.i686.rpm


  SRPMS :

    . nss_ldap-207-17.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069



    



 Home > Update [ 1.2 ]

Copyright 2018 OOPS Development Organization 
LAST MODIFIED: 2016/04/24