==========================================================Ubuntu Security Notice USN-858-1          November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libldap-2.2-7                   2.2.26-5ubuntu2.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that OpenLDAP did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this to
perform a man in the middle attack to view sensitive information or alter
encrypted communications.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   516098 098a03b4f7d511ce730e9647deca2072
          Size/MD5:     1028 5a95dae94a1016fbcf41c1c1992ea8e6
          Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   130854 1f1b40b12adcb557a810194d0c4f7993
          Size/MD5:   166444 500528d10502361c075a08578c1586f5
          Size/MD5:   961974 f56eef919306d6ca7f4a7a090d2ae6ba

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   118638 0558a833fb6eadf4d87bd9fd6e687838
          Size/MD5:   146444 fc85d5259c97622324047bbda153937d
          Size/MD5:   873424 358c78f76ee16010c1fb81e89adfe849

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   133012 92d9de435a795261e6bf4143f2bf59c7
          Size/MD5:   157480 099b1ee5e158f77be109a7972587f596
          Size/MD5:   960052 850fb56995224edd6ae329af1b8236ef

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   120932 4fa0f7accd968ba71dff1f7c5b2ef811
          Size/MD5:   148546 2d1af209a8b53a8315fbd4bd86573d70
          Size/MD5:   903928 4aa6b0478821e803c80a020b031aafed

Ubuntu 858-1: OpenLDAP vulnerability

November 12, 2009
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name

Summary

Update Instructions

References

Severity
openldap2.2 vulnerability

Package Information

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved