CERT RENATER
Nous contacter
- Mail : cert@support.renater.fr
- Web : Pages du CERT
- Tél : 01.53.94.20.44
- Fax : 01.53.94.20.31
==================================================================== CERT-Renater Note d'Information No. 2009/VULN458 _____________________________________________________________________ DATE : 13/11/2009 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Openldap. ====================================================================== https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-November/000999.html ______________________________________________________________________ =========================================================== Ubuntu Security Notice USN-858-1 November 12, 2009 openldap2.2 vulnerability CVE-2009-3767 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libldap-2.2-7 2.2.26-5ubuntu2.9 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.diff.gz Size/MD5: 516098 098a03b4f7d511ce730e9647deca2072 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26-5ubuntu2.9.dsc Size/MD5: 1028 5a95dae94a1016fbcf41c1c1992ea8e6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/openldap2.2_2.2.26.orig.tar.gz Size/MD5: 2626629 afc8700b5738da863b30208e1d3e9de8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 130854 1f1b40b12adcb557a810194d0c4f7993 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 166444 500528d10502361c075a08578c1586f5 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_amd64.deb Size/MD5: 961974 f56eef919306d6ca7f4a7a090d2ae6ba i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 118638 0558a833fb6eadf4d87bd9fd6e687838 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 146444 fc85d5259c97622324047bbda153937d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_i386.deb Size/MD5: 873424 358c78f76ee16010c1fb81e89adfe849 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 133012 92d9de435a795261e6bf4143f2bf59c7 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 157480 099b1ee5e158f77be109a7972587f596 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_powerpc.deb Size/MD5: 960052 850fb56995224edd6ae329af1b8236ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/ldap-utils_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 120932 4fa0f7accd968ba71dff1f7c5b2ef811 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/libldap-2.2-7_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 148546 2d1af209a8b53a8315fbd4bd86573d70 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2.2/slapd_2.2.26-5ubuntu2.9_sparc.deb Size/MD5: 903928 4aa6b0478821e803c80a020b031aafed ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================