USN-305-1: OpenLDAP vulnerability
Posted on: 06/27/2006 02:12 PM

A new OpenLDAP vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-305-1 June 27, 2006
openldap2, openldap2.2 vulnerability
CVE-2006-2754
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
slapd 2.1.30-3ubuntu3.2

Ubuntu 5.10:
slapd 2.2.26-3ubuntu0.1

Ubuntu 6.06 LTS:
slapd 2.2.26-5ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

When processing overly long host names in OpenLDAP's slurpd replication
server, a buffer overflow caused slurpd to crash.

If an attacker manages to inject a specially crafted host name into
slurpd, this might also be exploited to execute arbitrary code with
slurpd's privileges; however, since slurpd is usually set up to
replicate only trusted machines, this should not be exploitable in
normal cases.





Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_305_1_openldap_vulnerability.html)