Ubuntu Security Notice USN-858-1 November 12, 2009
==========================================================
openldap2.2 vulnerability
CVE-2009-3767
==========================================================

A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libldap-2.2-7 2.2.26-5ubuntu2.9
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.
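
The class of flaw described above, shown as an added example (a general illustration, not OpenLDAP's own code and not part of the original advisory): a Common Name compared as a C string is cut off at its first zero byte, while a length-aware check rejects it. The struct, function names and sample values are hypothetical and constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A Common Name as decoded from the certificate: raw bytes plus explicit length. */
struct cn_value { const unsigned char *data; size_t len; };

/* Constructed sample values (not taken from any real certificate). */
static const unsigned char CN_EMBEDDED[] = "ldap.example.com\0.other.example";
static const unsigned char CN_CLEAN[]    = "ldap.example.com";

/* Flawed pattern: the CN is handed to a C-string routine, so the comparison
 * stops at the first zero byte and never sees the bytes after it.
 * (Sample buffers here are NUL-terminated, so the read stays in bounds.) */
int cn_matches_cstring(const struct cn_value *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Length-aware pattern: refuse any CN holding a zero byte, require equal
 * lengths, then compare every byte case-insensitively (ASCII). */
int cn_matches_strict(const struct cn_value *cn, const char *host)
{
    size_t i, host_len = strlen(host);

    if (memchr(cn->data, 0, cn->len) != NULL || cn->len != host_len)
        return 0;
    for (i = 0; i < host_len; i++)
        if (tolower(cn->data[i]) != tolower((unsigned char)host[i]))
            return 0;
    return 1;
}

int main(void)
{
    struct cn_value bad  = { CN_EMBEDDED, sizeof(CN_EMBEDDED) - 1 };
    struct cn_value good = { CN_CLEAN, sizeof(CN_CLEAN) - 1 };

    printf("embedded zero, C-string compare: %d\n", cn_matches_cstring(&bad, "ldap.example.com"));
    printf("embedded zero, strict compare:   %d\n", cn_matches_strict(&bad, "ldap.example.com"));
    printf("clean CN, strict compare:        %d\n", cn_matches_strict(&good, "ldap.example.com"));
    return 0;
}
```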