=========================================================== Ubuntu Security Notice USN-305-1 June 27, 2006 openldap2, openldap2.2 vulnerability CVE-2006-2754 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: slapd 2.1.30-3ubuntu3.2 Ubuntu 5.10: slapd 2.2.26-3ubuntu0.1 Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: When processing overly long host names in OpenLDAP's slurpd replication server, a buffer overflow caused slurpd to crash. If an attacker manages to inject a specially crafted host name into slurpd, this might also be exploited to execute arbitrary code with slurpd's privileges; however, since slurpd is usually set up to replicate only trusted machines, this should not be exploitable in normal cases. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.2.diff.gz Size/MD5: 117693 811feb51c50318d90b2f8d3955bd2cd4 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.2.dsc Size/MD5: 988 772bf522a7b5211787dc7272ea0b71cb http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30.orig.tar.gz Size/MD5: 2044673 e2ae8148c4bed07d7a70edd930bdc403 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libslapd2-dev_2.1.30-3ubuntu3.2_all.deb Size/MD5: 72546 3fe7d6a3e99f1d49d049127af41a8334 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.2_amd64.deb Size/MD5: 126502 b78a3e1a2d62ba78ca38842ba9c7b05a http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.2_amd64.deb Size/MD5: 361334 2d589dc600e42bc19024170fcb728d39 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.2_amd64.deb Size/MD5: 309204 c13675910f7c21bb3e723592c6e495f2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.2_amd64.deb Size/MD5: 1088128 a3b2230434033fd0070d643b3c09c1d4 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.2_i386.deb Size/MD5: 110870 7cbb5b6f1ba2118946c6811076b701fa http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.2_i386.deb Size/MD5: 318170 8dab1fcba483d48cac5bcda3b0c4a58c http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.2_i386.deb Size/MD5: 284732 301a45c6f09a37332ea5a7b184e8c176 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.2_i386.deb Size/MD5: 979438 ff72cd74acd311e16307286b6c598130 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.2_powerpc.deb Size/MD5: 129774 2b223fe63713e7f4cfbdb434b251d69e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.2_powerpc.deb Size/MD5: 373308 bb5106479b3f3928f8eaf247a2c9af01 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.2_powerpc.deb Size/MD5: 302964 73c3c1603cd8a00e4a49f6486676ecb6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.2_powerpc.deb Size/MD5: 1058408 e483f9a6ecbee4aee2dd196b399e15ed Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-3ubuntu0.1.diff.gz Size/MD5: 495731 9e5ff179d3930bba207a013a9361f5b0 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-3ubuntu0.1.dsc Size/MD5: 1020 23742091bec8567bf0dfc5326657fb12 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.1_amd64.deb Size/MD5: 129756 57ed4fbea2a6c2b0de87878fc81417da http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.1_amd64.deb Size/MD5: 164128 6e18cf1741f0b0dd7ab88279b052a1a3 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.1_amd64.deb Size/MD5: 954370 635ae92d2157d53b2957b062e3dc5661 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.1_i386.deb Size/MD5: 118146 e50ccd57a1f71e904193040b47d5d59c http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.1_i386.deb Size/MD5: 144742 162e0c8d96ab25641f1aa36e25ddd1d1 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.1_i386.deb Size/MD5: 865922 e848677ebffa8f749d25d2d809e6f32c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.1_powerpc.deb Size/MD5: 132322 5af4200f87b773f803585472cdb02d0b http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.1_powerpc.deb Size/MD5: 155466 2b54e0326fa70088eea062590975ec36 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.1_powerpc.deb Size/MD5: 954736 44a826baae1253ecb074f415e6bf7d38 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-3ubuntu0.1_sparc.deb Size/MD5: 121364 7345da5217fbfb8761347d3eb03d7f5e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-3ubuntu0.1_sparc.deb Size/MD5: 147560 cbb0badc7b85347112c19116ead6d3f2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-3ubuntu0.1_sparc.deb Size/MD5: 899418 14cce6ef47a4f84c1936b0a3704d81e1 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.1.diff.gz Size/MD5: 514340 41d918c94861a09c91c720e58a8746b1 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.1.dsc Size/MD5: 1022 deab91ea4c8e19422e9cc4f1f32b49e3 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.1_amd64.deb Size/MD5: 130156 2bc0b9509a895aea193721624feb249b http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.1_amd64.deb Size/MD5: 165566 ef6c9d06239fddf2b3412975c60d7fe4 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.1_amd64.deb Size/MD5: 960764 6a2fd21f5e54e517f08196c859b186e2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.1_i386.deb Size/MD5: 118086 ffa215efabd92e67fe620a6214b78d3c http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.1_i386.deb Size/MD5: 145656 f2b0606f73d4829949b2c06abbb0ec10 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.1_i386.deb Size/MD5: 872454 18a48a067b86be5154966cc787d49195 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.1_powerpc.deb Size/MD5: 132332 e5da252ccd064af45df00a604b9921ca http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.1_powerpc.deb Size/MD5: 156718 fda4dd9465fd6796eda8bef9379db677 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.1_powerpc.deb Size/MD5: 958870 728c6cd9b0dd4a74e48dd6734e058675 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.1_sparc.deb Size/MD5: 120398 2d899349a89ccaea09e074828249ba57 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.1_sparc.deb Size/MD5: 147776 4c64e80390003866ef720c1276bc1f82 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.1_sparc.deb Size/MD5: 902976 dcecebf79109357fdc8278b89d3f8bd2
Attachment:
signature.asc
Description: Digital signature