Login
Newsletter
Werbung
Sicherheit: Mangelnde Prüfung von Zertifikaten in OpenLDAP
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Zertifikaten in OpenLDAP
ID: USN-858-1
Distribution: Ubuntu
Plattformen: Ubuntu 6.06
Datum: Do, 12. November 2009, 15:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
Applikationen: OpenLDAP

Originalnachricht

 

--===============8209423724532943557==
Content-Type: multipart/signed; micalg="pgp-sha1";
 protocol="application/pgp-signature"; boundary="=-Tw2F1idIcG9zdh6859kG"


--=-Tw2F1idIcG9zdh6859kG
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-858-1          November 12,
 2009==========================================================
openldap2.2 vulnerability
CVE-2009-3767
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libldap-2.2-7                   2.2.26-5ubuntu2.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that OpenLDAP did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu2.9.diff.gz
      Size/MD5:   516098 098a03b4f7d511ce730e9647deca2072
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu2.9.dsc
      Size/MD5:     1028 5a95dae94a1016fbcf41c1c1992ea8e6
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26.orig.tar.gz
      Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.9_amd64.deb
      Size/MD5:   130854 1f1b40b12adcb557a810194d0c4f7993
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.9_amd64.deb
      Size/MD5:   166444 500528d10502361c075a08578c1586f5
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.9_amd64.deb
      Size/MD5:   961974 f56eef919306d6ca7f4a7a090d2ae6ba

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.9_i386.deb
      Size/MD5:   118638 0558a833fb6eadf4d87bd9fd6e687838
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.9_i386.deb
      Size/MD5:   146444 fc85d5259c97622324047bbda153937d
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.9_i386.deb
      Size/MD5:   873424 358c78f76ee16010c1fb81e89adfe849

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.9_powerpc.deb
      Size/MD5:   133012 92d9de435a795261e6bf4143f2bf59c7
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.9_powerpc.deb
      Size/MD5:   157480 099b1ee5e158f77be109a7972587f596
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.9_powerpc.deb
      Size/MD5:   960052 850fb56995224edd6ae329af1b8236ef

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.9_sparc.deb
      Size/MD5:   120932 4fa0f7accd968ba71dff1f7c5b2ef811
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.9_sparc.deb
      Size/MD5:   148546 2d1af209a8b53a8315fbd4bd86573d70
    http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.9_sparc.deb
      Size/MD5:   903928 4aa6b0478821e803c80a020b031aafed




--=-Tw2F1idIcG9zdh6859kG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkr8G78ACgkQLMAs/0C4zNreoACgtMAJETzTEjCknNdrQ90UQcno
lTwAnRuB7yhkEfnEQ/ZQsjxlEOfobEag
=80Tw
-----END PGP SIGNATURE-----

--=-Tw2F1idIcG9zdh6859kG--



--===============8209423724532943557==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8209423724532943557==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung