

[USN-551-1] OpenLDAP vulnerabilities


Date: Mon, 03 Dec 2007 22:16:06 -0500
From: Jamie Strandboge <jamie@ubuntu.com.>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-551-1] OpenLDAP vulnerabilities

Ubuntu Security Notice USN-551-1          December 04, 2007
openldap vulnerabilities
CVE-2007-5707, CVE-2007-5708

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  slapd                           2.2.26-5ubuntu2.4

Ubuntu 6.10:
  slapd                           2.2.26-5ubuntu3.2

Ubuntu 7.04:
  slapd                           2.3.30-2ubuntu0.1

Ubuntu 7.10:
  slapd                           2.3.35-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Thomas Sesselmann discovered that the OpenLDAP slapd server did not
properly handle certain modify requests. A remote attacker could send
malicious modify requests to the server and cause a denial of service.
(CVE-2007-5707)

Toby Blake discovered that slapd did not properly terminate an array
while running as a proxy-caching server. A remote attacker may be able
to send crafted search requests to the server and cause a denial of
service. This issue only affects Ubuntu 7.04 and 7.10. (CVE-2007-5708)
