Debian: New openldap2.3 packages fix denial of service

    Date08 Apr 2008
    CategoryDebian
    1917
    Posted ByLinuxSecurity Advisories
    Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1541-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                       Moritz Muehlenhoff
    April 08, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : openldap2.3
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658
    Debian Bug     : 440632 448644 465875
    
    Several remote vulnerabilities have been discovered in OpenLDAP, a
    free implementation of the Lightweight Directory Access Protocol. The
    Common Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2007-5707
    
        Thomas Sesselmann discovered that slapd could be crashed by a
        malformed modify requests.
      
    CVE-2007-5708
    
        Toby Blade discovered that incorrect memory handling in slapo-pcache
        could lead to denial of service through crafted search requests.
    
    CVE-2007-6698
    
        It was discovered that a programming error in the interface to the
        BDB storage backend could lead to denial of service through
        crafted modify requests.
    
    CVE-2008-0658
    
        It was discovered that a programming error in the interface to the
        BDB storage backend could lead to denial of service through
        crafted modrdn requests.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.3.30-5+etch1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.4.7-6.1.
    
    We recommend that you upgrade your openldap2.3 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.diff.gz
        Size/MD5 checksum:   311352 ab5ecd0da4ad32f39ca8ca34e97aea8e
      http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
        Size/MD5 checksum:  2971126 c40bcc23fa65908b8d7a86a4a6061251
      http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.dsc
        Size/MD5 checksum:     1205 64cd8bb9897af0062fd15e9b0fb8e32e
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:   193978 6e4e9f9c7f0936cb8d023bf2402af42e
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:   293070 35576398d8f2d5618bace89bbec87870
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:  1283688 a2eaf28c1c1285753e71122c5561e39f
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:   184540 6bc131c285864c654d28e90fd06000ee
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:   285256 995b228196a6ce2ccf5bcfa6521244c5
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:  1244474 3b455c3a4f221bfb82dd6f70dd5f851a
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:  1188898 956eeea9cc2bd6e5e4e50145d05dd39e
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:   141956 d9b143c4304ca81db461be2bdf30221c
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:   254604 6b2744212645932232f285547c3465a0
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:  1306308 287335a1821aefc8efb102d6982aff98
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:   292048 4a4f3ef5fbbe1e8793bf1cd797e7b028
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:   180756 691a106d02d195b991b235515d0d174c
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:   265946 e88fc90218b13aebb2a1578901a69824
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:  1174252 903a34a92df100585dba3e0ec0f25987
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:   154126 80588200bcbc4f6b8e3c60983eae4780
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:   379540 9487d1a5a9a03c4654b7a361d4c67753
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:  1660796 6df92fd96886f3316f26f89f2da0eb96
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:   239118 9ae940f8df656d2f233acefd0b2274bf
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:   185506 8a1ab4fc883116059b529ffa00a8c346
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:  1205680 431589f3aad740adde1dc121edfc2f0b
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:   257964 10ae6c9739e5ec1cce436e82572d3086
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:  1188188 eb29253ae4008e5e74135b9b03fda111
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:   258576 83b99052b2853cd94b665ae621d3b66f
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:   186780 316031a466a6e221789ee246c2fe96c6
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:   272220 f8cb7024f7e5e00b94ff8d638cddb18d
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:   188744 7bd626905a9443950a1cab4df28a4a59
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:  1243640 6faf3ce99497a3e8d793eea3c0d0aca2
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:  1240862 ccf0e13f6dc5756dc84d524cb9a033dd
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:   291452 33deedd35ad575833f7227047b644fae
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:   168348 4fa52da0e0d54466a804c40306ae9f83
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:  1167532 392f3e996130e2fa64c0005218d776e0
      http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:   256800 32585d0c8d9996050f74caf021af6f73
      http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:   154976 a083feee801f6c843b6509df9b6307b3
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.11,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":33.33,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.