Security: Two problems in OpenLDAP
Name: Two problems in OpenLDAP
ID: USN-4078-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 19.04
Date: Wed, 31 July 2019, 00:02
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057
Applications: OpenLDAP

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <8b294829-5820-d5a0-0279-012bca3d9d46@canonical.com>
Subject: [USN-4078-1] OpenLDAP vulnerabilities

==========================================================================
Ubuntu Security Notice USN-4078-1
July 30, 2019

openldap vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenLDAP.

Software Description:
- openldap: OpenLDAP utilities

Details:

It was discovered that OpenLDAP incorrectly handled rootDN delegation. A
database administrator could use this issue to request authorization as an
identity from another database, contrary to expectations. (CVE-2019-13057)

It was discovered that OpenLDAP incorrectly handled SASL authentication and
session encryption. After a first SASL bind was completed, it was possible
to obtain access by performing simple binds, contrary to expectations.
(CVE-2019-13565)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
slapd 2.4.47+dfsg-3ubuntu2.1

Ubuntu 18.04 LTS:
slapd 2.4.45+dfsg-1ubuntu1.3

Ubuntu 16.04 LTS:
slapd 2.4.42+dfsg-2ubuntu3.6

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4078-1
CVE-2019-13057, CVE-2019-13565

Package Information:
https://launchpad.net/ubuntu/+source/openldap/2.4.47+dfsg-3ubuntu2.1
https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.3
https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.6

