Security update for Novell eDirectory
Novell has released a patch (8.7.3 SP10 FTF1) for its eDirectory network directory service, correcting several errors. Among these are two critical vulnerabilities which could allow a remote attacker to crash or take control of an affected system. The exploits are based on heap overflows during the execution of certain commands to the directory service. On its list of current security problems, the US Computer Emergency Readiness Team (US-CERT) recommends installing the updates as soon as possible.
The patch is available to download from Novell's web site. One surprising aspect is the different size of download for different platforms – the Windows patch is 6MB, while the Red Hat version is almost 250MB.