Linux Security
    Linux Security
    Linux Security

    Debian: New openldap2.3 packages fix denial of service

    Date
    2019
    Posted By
    Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requests.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1541-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                       Moritz Muehlenhoff
    April 08, 2008                        https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : openldap2.3
    Vulnerability  : several
    Problem type   : remote
    Debian-specific: no
    CVE Id(s)      : CVE-2007-5707 CVE-2007-5708 CVE-2007-6698 CVE-2008-0658
    Debian Bug     : 440632 448644 465875
    
    Several remote vulnerabilities have been discovered in OpenLDAP, a
    free implementation of the Lightweight Directory Access Protocol. The
    Common Vulnerabilities and Exposures project identifies the following
    problems:
    
    CVE-2007-5707
    
        Thomas Sesselmann discovered that slapd could be crashed by a
        malformed modify requests.
      
    CVE-2007-5708
    
        Toby Blade discovered that incorrect memory handling in slapo-pcache
        could lead to denial of service through crafted search requests.
    
    CVE-2007-6698
    
        It was discovered that a programming error in the interface to the
        BDB storage backend could lead to denial of service through
        crafted modify requests.
    
    CVE-2008-0658
    
        It was discovered that a programming error in the interface to the
        BDB storage backend could lead to denial of service through
        crafted modrdn requests.
    
    For the stable distribution (etch), these problems have been fixed in
    version 2.3.30-5+etch1.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 2.4.7-6.1.
    
    We recommend that you upgrade your openldap2.3 packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.diff.gz
        Size/MD5 checksum:   311352 ab5ecd0da4ad32f39ca8ca34e97aea8e
      https://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
        Size/MD5 checksum:  2971126 c40bcc23fa65908b8d7a86a4a6061251
      https://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch1.dsc
        Size/MD5 checksum:     1205 64cd8bb9897af0062fd15e9b0fb8e32e
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:   193978 6e4e9f9c7f0936cb8d023bf2402af42e
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:   293070 35576398d8f2d5618bace89bbec87870
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_alpha.deb
        Size/MD5 checksum:  1283688 a2eaf28c1c1285753e71122c5561e39f
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:   184540 6bc131c285864c654d28e90fd06000ee
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:   285256 995b228196a6ce2ccf5bcfa6521244c5
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_amd64.deb
        Size/MD5 checksum:  1244474 3b455c3a4f221bfb82dd6f70dd5f851a
    
    arm architecture (ARM)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:  1188898 956eeea9cc2bd6e5e4e50145d05dd39e
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:   141956 d9b143c4304ca81db461be2bdf30221c
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_arm.deb
        Size/MD5 checksum:   254604 6b2744212645932232f285547c3465a0
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:  1306308 287335a1821aefc8efb102d6982aff98
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:   292048 4a4f3ef5fbbe1e8793bf1cd797e7b028
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_hppa.deb
        Size/MD5 checksum:   180756 691a106d02d195b991b235515d0d174c
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:   265946 e88fc90218b13aebb2a1578901a69824
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:  1174252 903a34a92df100585dba3e0ec0f25987
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_i386.deb
        Size/MD5 checksum:   154126 80588200bcbc4f6b8e3c60983eae4780
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:   379540 9487d1a5a9a03c4654b7a361d4c67753
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:  1660796 6df92fd96886f3316f26f89f2da0eb96
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_ia64.deb
        Size/MD5 checksum:   239118 9ae940f8df656d2f233acefd0b2274bf
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:   185506 8a1ab4fc883116059b529ffa00a8c346
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:  1205680 431589f3aad740adde1dc121edfc2f0b
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mips.deb
        Size/MD5 checksum:   257964 10ae6c9739e5ec1cce436e82572d3086
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:  1188188 eb29253ae4008e5e74135b9b03fda111
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:   258576 83b99052b2853cd94b665ae621d3b66f
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_mipsel.deb
        Size/MD5 checksum:   186780 316031a466a6e221789ee246c2fe96c6
    
    powerpc architecture (PowerPC)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:   272220 f8cb7024f7e5e00b94ff8d638cddb18d
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:   188744 7bd626905a9443950a1cab4df28a4a59
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_powerpc.deb
        Size/MD5 checksum:  1243640 6faf3ce99497a3e8d793eea3c0d0aca2
    
    s390 architecture (IBM S/390)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:  1240862 ccf0e13f6dc5756dc84d524cb9a033dd
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:   291452 33deedd35ad575833f7227047b644fae
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_s390.deb
        Size/MD5 checksum:   168348 4fa52da0e0d54466a804c40306ae9f83
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:  1167532 392f3e996130e2fa64c0005218d776e0
      https://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:   256800 32585d0c8d9996050f74caf021af6f73
      https://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch1_sparc.deb
        Size/MD5 checksum:   154976 a083feee801f6c843b6509df9b6307b3
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    Advisories

    LinuxSecurity Poll

    Which aspect of server security are you most interested in learning more about?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/38-which-aspect-of-server-security-are-you-most-interested-in-learning-more-about?task=poll.vote&format=json
    38
    radio
    [{"id":"131","title":"Preventing information leakage","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"132","title":"Firewall considerations","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"133","title":"Permissions ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.