From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1943
[email protected] http://www.debian.org/security/ Giuseppe Iuculano
December 02, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Packages : openldap openldap2.3
Vulnerability : insufficient input validation
Problem type : remote
Debian-specific: no
Debian bug : 553432
CVE ID : CVE-2009-3767
It was discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
For the oldstable distribution (etch), this problem has been fixed in version 2.3.30-5+etch3 for openldap2.3.
For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny1 for openldap.
For the testing distribution (squeeze), and the unstable distribution (sid), this problem has been fixed in version 2.4.17-2.1 for openldap.
We recommend that you upgrade your openldap2.3/openldap packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30.orig.tar.gz
Size/MD5 checksum: 2971126 c40bcc23fa65908b8d7a86a4a6061251
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.dsc
Size/MD5 checksum: 1214 36efc1cf2a98c54d4b1da0910e273843
http://security.debian.org/pool/updates/main/o/openldap2.3/openldap2.3_2.3.30-5+etch3.diff.gz
Size/MD5 checksum: 315058 310ce752b78ff3227d78dcd8c1bd60a5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_alpha.deb
Size/MD5 checksum: 293108 2172048d5f8b8b7f379b3414fc5c2e37
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_alpha.deb
Size/MD5 checksum: 1280772 ab65f162a40607c1787f9b03783a7563
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_alpha.deb
Size/MD5 checksum: 193768 602a6da790648dd8b0af7d9f386b5c6e
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_amd64.deb
Size/MD5 checksum: 285554 42480b47018eb1d70b9e62d05b925a5b
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_amd64.deb
Size/MD5 checksum: 1244570 b88256f8259516b09c51f166ff6b4aea
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_amd64.deb
Size/MD5 checksum: 184652 716cc53985a031d1fe03fede778d6ae5
arm architecture (ARM)
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_arm.deb
Size/MD5 checksum: 1190314 8686c6a9a9240e6113f92c8bb20d7e1a
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_arm.deb
Size/MD5 checksum: 254828 49d9c9a250fb4a5a828de5791ee92380
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_arm.deb
Size/MD5 checksum: 155876 bb45d3104fe4b9811fdb3063da42d3b1
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_hppa.deb
Size/MD5 checksum: 1307146 698d7416e4cc544522ce2e25ac9c0fce
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_hppa.deb
Size/MD5 checksum: 292798 eb9d6d19560a1153cc58ccae3f354a4e
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_hppa.deb
Size/MD5 checksum: 182568 caade74265ee9d7b8ac77c844c23b413
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_i386.deb
Size/MD5 checksum: 1177552 f3ccf11b82474593af5e30a272f9edb9
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_i386.deb
Size/MD5 checksum: 148744 168e58797e74f9b3b6d3c337b6369ca7
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_i386.deb
Size/MD5 checksum: 266538 3be52b8402d06913624a3e808be58ecb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_ia64.deb
Size/MD5 checksum: 239248 78d1537b3a106824ff5d076e828a0312
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_ia64.deb
Size/MD5 checksum: 379904 dbc96e1a44dce4bb5f79b9c043823293
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_ia64.deb
Size/MD5 checksum: 1660854 fcc2873ffd50e45c956d9bcc81d83c51
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mips.deb
Size/MD5 checksum: 258210 298f5a83a1efd8c035644fd58df21f2c
http://security.debian.org/pool/updates/main/o/openldap2.3/ldap-utils_2.3.30-5+etch3_mips.deb
Size/MD5 checksum: 185598 b6c67ee072f2de03820e7ce11edb39c3
http://security.debian.org/pool/updates/main/o/openldap2.3/slapd_2.3.30-5+etch3_mips.deb
Size/MD5 checksum: 1205768 3f312958af5ea129384513e5fab72208
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/o/openldap2.3/libldap-2.3-0_2.3.30-5+etch3_mipsel.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)