Security: Two problems in OpenLDAP
Name: Two problems in OpenLDAP
ID: USN-2742-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04
Date: Wed, 16 September 2015, 22:37
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9713
Applications: OpenLDAP
Original message
==========================================================================
Ubuntu Security Notice USN-2742-1
September 16, 2015
openldap vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in OpenLDAP.
Software Description:
- openldap: OpenLDAP utilities
Details:
Denis Andzakovic discovered that OpenLDAP incorrectly handled certain BER data. A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2015-6908)
Dietrich Clauss discovered that the OpenLDAP package incorrectly shipped with a potentially unsafe default access control configuration. Depending on how the database is configured, this may allow users to impersonate others by modifying attributes such as their Unix user and group numbers. (CVE-2014-9713)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: slapd 2.4.31-1+nmu2ubuntu12.3
Ubuntu 14.04 LTS: slapd 2.4.31-1+nmu2ubuntu8.2
Ubuntu 12.04 LTS: slapd 2.4.28-1.1ubuntu4.6
In general, a standard system update will make all the necessary changes.
For existing installations, access rules that begin with "to *" need to be manually adjusted to remove any instances of "by self write".
References:
http://www.ubuntu.com/usn/usn-2742-1
CVE-2014-9713, CVE-2015-6908
Package Information:
https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu12.3
https://launchpad.net/ubuntu/+source/openldap/2.4.31-1+nmu2ubuntu8.2
https://launchpad.net/ubuntu/+source/openldap/2.4.28-1.1ubuntu4.6
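One way to find the rules that the update instructions say must be adjusted by hand, as an added example that is not part of the Ubuntu notice: the script scans cn=config LDIF for olcAccess rules that begin with "to *" and contain "by self write", and reports each value with that clause removed. The sample LDIF, its DNs and the function names are constructed for illustration, and it assumes plain (not base64-encoded) olcAccess values.

```python
import re

# Constructed sample shaped like cn=config LDIF (e.g. from `slapcat -n 0`);
# the DNs and rules are illustrative, not taken from the advisory.
SAMPLE_LDIF = """\
dn: olcDatabase={1}hdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
 s auth by dn="cn=admin,dc=example,dc=com" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by *
  read
"""

# Only rules whose <what> clause is the catch-all "*" are in scope.
RULE = re.compile(r"^olcAccess:\s*(\{\d+\})?\s*(to\s+\*\s.*)$", re.IGNORECASE)
SELF_WRITE = re.compile(r"\s+by\s+self\s+write\b", re.IGNORECASE)

def unfold(ldif):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return ldif.replace("\r\n", "\n").replace("\n ", "")

def audit(ldif):
    """Return (database dn, rule index, current rule, adjusted rule) tuples."""
    findings, dn = [], None
    for line in unfold(ldif).splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
            continue
        m = RULE.match(line)
        if m and SELF_WRITE.search(m.group(2)):
            index = m.group(1) or ""
            adjusted = SELF_WRITE.sub("", m.group(2))
            findings.append((dn, index, index + m.group(2), index + adjusted))
    return findings

if __name__ == "__main__":
    for dn, index, current, adjusted in audit(SAMPLE_LDIF):
        print(f"{dn}\n  current:  {current}\n  adjusted: {adjusted}")
```

The script only reports; rules scoped to specific attributes, such as the userPassword rule in the sample, are left alone because the notice targets rules beginning with "to *".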