Ubuntu 6311 Published by

A new OpenLDAP vulnerability update is available for Ubuntu Linux. Here the announcement:



Ubuntu Security Notice USN-384-1 November 20, 2006
openldap2.2 vulnerability
CVE-2006-5779
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
libldap-2.2-7 2.2.26-3ubuntu0.2

Ubuntu 6.06 LTS:
libldap-2.2-7 2.2.26-5ubuntu2.2

Ubuntu 6.10:
libldap-2.2-7 2.2.26-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that the OpenLDAP libraries did not correctly
truncate authcid names. This situation would trigger an assert and
abort the program using the libraries. A remote attacker could send
specially crafted bind requests that would lead to an LDAP server denial
of service.


Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-3ubuntu0.2.diff.gz
Size/MD5: 496193 6489142e8aebaf700dffa4436ceb9125
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-3ubuntu0.2.dsc
Size/MD5: 1020 3107bd4e8185872a1187a44f68e4a79d
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26.orig.tar.gz
Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-3ubuntu0.2_amd64.deb
Size/MD5: 129942 685ed6da8a0029168dc2ab2b08482fa1
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-3ubuntu0.2_amd64.deb
Size/MD5: 164344 58ac93b154a048605e26add2bb8788d6
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
3ubuntu0.2_amd64.deb
Size/MD5: 954654 4a11e525c79e58a6e072533d41807282

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-3ubuntu0.2_i386.deb
Size/MD5: 118314 48a1edbf81bfe84f5624fa566f223d47
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-3ubuntu0.2_i386.deb
Size/MD5: 144906 962b8dac7f92023d592e2f4a9b669d7c
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
3ubuntu0.2_i386.deb
Size/MD5: 866154 225472af1108f1d3f45fdea57d741e85

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-3ubuntu0.2_powerpc.deb
Size/MD5: 132484 5235d7945b6c22d2ca88626740469a11
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-3ubuntu0.2_powerpc.deb
Size/MD5: 155616 824f6ea3cd03452e51fd1dff00d144cf
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
3ubuntu0.2_powerpc.deb
Size/MD5: 955014 028d4dda659565b4d144133b10782a82

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-3ubuntu0.2_sparc.deb
Size/MD5: 121514 1c5ea82fa78e27158bd4bd648e9f3aab
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-3ubuntu0.2_sparc.deb
Size/MD5: 147724 41cf3ee9648b4741e1ae733cb85303a6
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
3ubuntu0.2_sparc.deb
Size/MD5: 899702 b8cbea7f0e01bbd6cbe3784749b10ae2

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu2.2.diff.gz
Size/MD5: 514824 dae9d9d370900acd3e68236fcba338ef
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu2.2.dsc
Size/MD5: 1020 da008958f1f1be6034d066992994d72f
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26.orig.tar.gz
Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.2_amd64.deb
Size/MD5: 130302 6c4f872550fd66571d941b95932f1d94
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.2_amd64.deb
Size/MD5: 165690 fc2a688286ab9018b7628f4578d66749
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.2_amd64.deb
Size/MD5: 960970 e6a4ec6260464029de2f5c59e46b8aaf

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.2_i386.deb
Size/MD5: 118204 d0113a49754b5532f4264a1faeddc898
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.2_i386.deb
Size/MD5: 145812 6ac3d23280dd1629db869f7e87205116
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.2_i386.deb
Size/MD5: 872652 9a227353c8514d06dcb9df71cefa021c

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.2_powerpc.deb
Size/MD5: 132464 603817c7369c434c3431a0f45d3b6d2b
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.2_powerpc.deb
Size/MD5: 156868 04b61ffefee75cb253a372045ad31050
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.2_powerpc.deb
Size/MD5: 959120 767ac6ba7a6eb7dadb52f1580f3368a4

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu2.2_sparc.deb
Size/MD5: 120504 4611cecc11a7879215a82a38acfe7594
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu2.2_sparc.deb
Size/MD5: 147902 7b701282672f73d674ab7cdcde295fb4
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu2.2_sparc.deb
Size/MD5: 903148 2560661995f6456daadf0e98ea02836a

Updated packages for Ubuntu 6.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu3.1.diff.gz
Size/MD5: 515887 51a03d1a45addff349d4964037814c9a
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26-5ubuntu3.1.dsc
Size/MD5: 1020 104953f3f263c3ff6bf651016cca24c2
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2=
.2.26.orig.tar.gz
Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu3.1_amd64.deb
Size/MD5: 130482 fee83cf01bfcf3583fb7ffa6b117d45b
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu3.1_amd64.deb
Size/MD5: 166454 cf19d7c93cf4afdb2fd756956daf4b83
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu3.1_amd64.deb
Size/MD5: 958026 a919760c1dc0be71ddd314754b5865e2

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu3.1_i386.deb
Size/MD5: 121144 f47e0228d4a170ba5e236dfa24afc580
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu3.1_i386.deb
Size/MD5: 152264 7bc5ea6a0f004ae55a5dec8b6c6dd8a8
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu3.1_i386.deb
Size/MD5: 900510 b1934c1394cf87178f8b0227db25b437

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu3.1_powerpc.deb
Size/MD5: 133466 e97fca30cc4feebbf18d285b7b3768e1
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu3.1_powerpc.deb
Size/MD5: 158622 5628aff8386cdc0742c9710ce9acffdd
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu3.1_powerpc.deb
Size/MD5: 966308 f39802aa3659d09235cfbfb0e7b2cab6

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.=
2.26-5ubuntu3.1_sparc.deb
Size/MD5: 121394 81f4607e8c8b83f1fc7afd4b44c6877f
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7=
_2.2.26-5ubuntu3.1_sparc.deb
Size/MD5: 149082 df8842ea271eeb27726aa18f7bc26991
http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-=
5ubuntu3.1_sparc.deb
Size/MD5: 909040 a48d742f3613721a650d98703503006c


--+ts6NCQ4mrNQIV8p
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFYkx9H/9LqRcGPm0RAslQAJ0YheyAMRlOaazDjvDOnD0jbZJc9ACfW5s/
HxshSD9+bkSPswWeRuhDmzk=
=IfyZ
-----END PGP SIGNATURE-----