Novell eDirectory 20080924
This document (5037180) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
patches that supersede this patch
SuSE Linux Maintenance Web (ef1bcc8cbc6b2ed29c6f85eaf38f2eec)
Applies toPackage: novell-NDSserv novell-NOVLembox
Novell Open Enterprise Server 2 for x86
Novell Open Enterprise Server 2 for AMD64 and Intel EM64T
IndicationsAll users of Novell eDirectory should update.
Problem descriptionThis patch resolves the following security vulnerabilities:
- Security vulnerability: content-Length header heap overflow. (Bug 379880) (CVE-2008-4478) (TID 7000087)
- Security vulnerability: dhost accept language header heap overflow. (Bug 379882) (CVE-2008-4479) (TID 7000086)
- Security vulnerability: eDirectory core protocol opcode 0x0F heap overflow. (Bug 396817) (CVE-2008-4478) (TID 7001184)
- Security vulnerability: eDirectory core protocol opcode 0x24 heap overflow. (Bug 396819) (CVE-2008-4480) (TID 7001183)
- Security vulnerability: remote exploitation of eDirectory NCP memory corruption. (Bug 373852) (IDEF2996) (TID 7001185)
- Security vulnerability: httpstk allows cross site scripting. (Bug 387429) (CVE-2008-0925) (TID 3460217)
Please install the updates provided at the location noted below.
This update is provided as an RPM package that can easily be installed onto a running system by using this command:
rpm -Fvh novell-NDSserv.rpm novell-NOVLembox.rpm
|novell-NDSserv-8.8.2-71.12.i586.rpm||6.1 MB (6435724)||2008-10-23 13:50:11|
|novell-NOVLembox-8.8.2-31.1.i586.rpm||2.1 MB (2280186)||2008-10-23 13:50:12|
source packagesDownload the source code of the patches for maintained products.
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.