=========================================================== Ubuntu Security Notice USN-584-1 March 05, 2008 openldap2.2, openldap2.3 vulnerabilities CVE-2007-6698, CVE-2008-0658 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.6 Ubuntu 6.10: slapd 2.2.26-5ubuntu3.3 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.2 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.6.diff.gz Size/MD5: 513643 5ec2226be9a7a7ed4b08c8c129943979 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.6.dsc Size/MD5: 1020 fa23dada98476932fb1e8c1e6d47a143 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.6_amd64.deb Size/MD5: 130552 9e5d6589617f2c98632b8c7c5a4f2afc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.6_amd64.deb Size/MD5: 165976 68032a07f814ef62556b539b17531161 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.6_amd64.deb Size/MD5: 961572 6074803431925962b7500f1223ecba0e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.6_i386.deb Size/MD5: 118396 b8864fd7cb61e88cf5bd15ed5c87ce38 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.6_i386.deb Size/MD5: 146100 27c057986763be36fd3b267ba1844bb2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.6_i386.deb Size/MD5: 873016 c392b5a10d1973fe2d6c264d496a0424 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.6_powerpc.deb Size/MD5: 132736 a21157c2d376e3b4cdd7fdb2e3b97a2e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.6_powerpc.deb Size/MD5: 157168 a935b8931a79ec692fa3d10357feb811 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.6_powerpc.deb Size/MD5: 959554 bd801628bccfdc5624d9386d0fb6c2d1 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.6_sparc.deb Size/MD5: 120696 8efb65196a17efc1b397cadc874eb201 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.6_sparc.deb Size/MD5: 148180 83781a94080002f4363d2fd557cec845 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.6_sparc.deb Size/MD5: 903560 0ed257e45f1ae749cb3a0b4591328db4 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.3.diff.gz Size/MD5: 514824 2e3cf6b4dbcfc951d00875df98394a0e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu3.3.dsc Size/MD5: 1020 4cb25054b1a571a1c228d06b6fa8872a http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.3_amd64.deb Size/MD5: 130748 cec7e5a6bbd103d02f59b171e6d3cc62 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.3_amd64.deb Size/MD5: 166720 eddb5a050a7637767c89f7f84b686bfc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.3_amd64.deb Size/MD5: 958496 551d5753a74f213bfc2cfd30849beae5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.3_i386.deb Size/MD5: 121340 35ae855094d28ba27c6adbd2dbe52125 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.3_i386.deb Size/MD5: 152528 69a0aff9de16526d748439e3c7328ed3 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.3_i386.deb Size/MD5: 900950 a594fcc12375717e00501ea309d19eff powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.3_powerpc.deb Size/MD5: 133704 fe69e3b733b16e50360836197f7cecdc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.3_powerpc.deb Size/MD5: 158892 7310d1dd87e09123350b9338ebf20216 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.3_powerpc.deb Size/MD5: 966698 424729c177d675a259d311d10aebbb18 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu3.3_sparc.deb Size/MD5: 121598 f43c977b60ba22fa469141867d6bcfb2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu3.3_sparc.deb Size/MD5: 149344 766dab29f1fd99af475b331440c4c4cc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu3.3_sparc.deb Size/MD5: 909576 733c2d21d553061af3bfb4d6792a24d1 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.2.diff.gz Size/MD5: 140603 0f1ab4e378c92fb2e12887ec9046e0cc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30-2ubuntu0.2.dsc Size/MD5: 1295 ee74d8bd01147a16a304705477171875 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz Size/MD5: 2971126 c40bcc23fa65908b8d7a86a4a6061251 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.2_amd64.deb Size/MD5: 187680 68efce79af7efe0a1d08201060361653 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.2_amd64.deb Size/MD5: 292344 da795196baacdaac42894aa055629bea http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.2_amd64.deb Size/MD5: 1228068 36e10789bdb22aa92428ec6d77d297b7 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.2_i386.deb Size/MD5: 156110 034749aedc798753db0d9541c2c8b74e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.2_i386.deb Size/MD5: 267460 f0ffcab028cd2237b6dad5592c454659 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.2_i386.deb Size/MD5: 1154810 73212a3a90a50d0fa342e886b61993f3 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.2_powerpc.deb Size/MD5: 203704 6f1d507298df6933ce5ac77fb52ebfb2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.2_powerpc.deb Size/MD5: 294438 882c7302c977a3ef131b217ec8851eb7 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.2_powerpc.deb Size/MD5: 1280484 2b30e19235b699552a37db6aaa40e874 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.30-2ubuntu0.2_sparc.deb Size/MD5: 164430 d2e7b34d207937643dc45a3cdebd7e93 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.30-2ubuntu0.2_sparc.deb Size/MD5: 264284 245d63568559de9d2692b59e45a78462 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.30-2ubuntu0.2_sparc.deb Size/MD5: 1169954 44205386809e93336c4610c43fda8786 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.2.diff.gz Size/MD5: 151903 2cd8ba0d9c70957b9956e427809578b7 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35-1ubuntu0.2.dsc Size/MD5: 1305 57e636f0f209825bdab902f327bc5c9a http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/openldap2.3_2.3.35.orig.tar.gz Size/MD5: 2947629 5096146b7a7eb6ce3b0a97549347b5be amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.2_amd64.deb Size/MD5: 190006 3163216fad39b4f6f6eeb1d5a7a0dee6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.2_amd64.deb Size/MD5: 347150 1ee13cb4baf6332cfc41842c56f24cbc http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.2_amd64.deb Size/MD5: 1296380 c833d82c46dcf383895269e4382fdb44 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.2_i386.deb Size/MD5: 155416 a55085d0ddd8c5efcf922cb4654ee432 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.2_i386.deb Size/MD5: 314722 1e36f20fb6a2c7edf227a32e7c15702d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.2_i386.deb Size/MD5: 1216432 1e3cef622a3763e3f52c71cf799caf67 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.2_powerpc.deb Size/MD5: 205216 25bf9ad7302ac5bfdd7aa17316bbfc7d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.2_powerpc.deb Size/MD5: 345862 3891c829c88334a631e29d3ab65f970e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.2_powerpc.deb Size/MD5: 1345548 2b31e34aeb9db8cf819e5e9f64fb2499 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/ldap-utils_2.3.35-1ubuntu0.2_sparc.deb Size/MD5: 166440 9729d0640a24245d806a1eaa4da57e25 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/libldap-2.3-0_2.3.35-1ubuntu0.2_sparc.deb Size/MD5: 306882 7b8e476dcc15ce5d9d7b36de14617559 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.3/slapd_2.3.35-1ubuntu0.2_sparc.deb Size/MD5: 1229006 496bc48c65314709cb2bb0f2570b7881
Attachment:
signature.asc
Description: Digital signature