=========================================================== 
Ubuntu Security Notice USN-584-1             March 05, 2008
openldap2.2, openldap2.3 vulnerabilities
CVE-2007-6698, CVE-2008-0658
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  slapd                           2.2.26-5ubuntu2.6

Ubuntu 6.10:
  slapd                           2.2.26-5ubuntu3.3

Ubuntu 7.04:
  slapd                           2.3.30-2ubuntu0.2

Ubuntu 7.10:
  slapd                           2.3.35-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Jonathan Clarke discovered that the OpenLDAP slapd server did not
properly handle modify requests when using the Berkeley DB backend
and the NOOP control was used. An authenticated user with modify
permissions could send a crafted modify request and cause a denial
of service via application crash. Ubuntu 7.10 is not affected by
this issue. (CVE-2007-6698)

Ralf Haferkamp discovered that the OpenLDAP slapd server did not
properly handle modrdn requests when using the Berkeley DB backend
and the NOOP control was used. An authenticated user with modrdn
permissions could send a crafted modrdn request and possibly cause a
denial of service via application crash. (CVE-2007-6698)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   513643 5ec2226be9a7a7ed4b08c8c129943979
          Size/MD5:     1020 fa23dada98476932fb1e8c1e6d47a143
          Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   130552 9e5d6589617f2c98632b8c7c5a4f2afc
          Size/MD5:   165976 68032a07f814ef62556b539b17531161
          Size/MD5:   961572 6074803431925962b7500f1223ecba0e

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   118396 b8864fd7cb61e88cf5bd15ed5c87ce38
          Size/MD5:   146100 27c057986763be36fd3b267ba1844bb2
          Size/MD5:   873016 c392b5a10d1973fe2d6c264d496a0424

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   132736 a21157c2d376e3b4cdd7fdb2e3b97a2e
          Size/MD5:   157168 a935b8931a79ec692fa3d10357feb811
          Size/MD5:   959554 bd801628bccfdc5624d9386d0fb6c2d1

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   120696 8efb65196a17efc1b397cadc874eb201
          Size/MD5:   148180 83781a94080002f4363d2fd557cec845
          Size/MD5:   903560 0ed257e45f1ae749cb3a0b4591328db4

Updated packages for Ubuntu 6.10:

  Source archives:

          Size/MD5:   514824 2e3cf6b4dbcfc951d00875df98394a0e
          Size/MD5:     1020 4cb25054b1a571a1c228d06b6fa8872a
          Size/MD5:  2626629 afc8700b5738da863b30208e1d3e9de8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   130748 cec7e5a6bbd103d02f59b171e6d3cc62
          Size/MD5:   166720 eddb5a050a7637767c89f7f84b686bfc
          Size/MD5:   958496 551d5753a74f213bfc2cfd30849beae5

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   121340 35ae855094d28ba27c6adbd2dbe52125
          Size/MD5:   152528 69a0aff9de16526d748439e3c7328ed3
          Size/MD5:   900950 a594fcc12375717e00501ea309d19eff

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   133704 fe69e3b733b16e50360836197f7cecdc
          Size/MD5:   158892 7310d1dd87e09123350b9338ebf20216
          Size/MD5:   966698 424729c177d675a259d311d10aebbb18

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   121598 f43c977b60ba22fa469141867d6bcfb2
          Size/MD5:   149344 766dab29f1fd99af475b331440c4c4cc
          Size/MD5:   909576 733c2d21d553061af3bfb4d6792a24d1

Updated packages for Ubuntu 7.04:

  Source archives:

          Size/MD5:   140603 0f1ab4e378c92fb2e12887ec9046e0cc
          Size/MD5:     1295 ee74d8bd01147a16a304705477171875
          Size/MD5:  2971126 c40bcc23fa65908b8d7a86a4a6061251

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   187680 68efce79af7efe0a1d08201060361653
          Size/MD5:   292344 da795196baacdaac42894aa055629bea
          Size/MD5:  1228068 36e10789bdb22aa92428ec6d77d297b7

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   156110 034749aedc798753db0d9541c2c8b74e
          Size/MD5:   267460 f0ffcab028cd2237b6dad5592c454659
          Size/MD5:  1154810 73212a3a90a50d0fa342e886b61993f3

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   203704 6f1d507298df6933ce5ac77fb52ebfb2
          Size/MD5:   294438 882c7302c977a3ef131b217ec8851eb7
          Size/MD5:  1280484 2b30e19235b699552a37db6aaa40e874

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   164430 d2e7b34d207937643dc45a3cdebd7e93
          Size/MD5:   264284 245d63568559de9d2692b59e45a78462
          Size/MD5:  1169954 44205386809e93336c4610c43fda8786

Updated packages for Ubuntu 7.10:

  Source archives:

          Size/MD5:   151903 2cd8ba0d9c70957b9956e427809578b7
          Size/MD5:     1305 57e636f0f209825bdab902f327bc5c9a
          Size/MD5:  2947629 5096146b7a7eb6ce3b0a97549347b5be

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   190006 3163216fad39b4f6f6eeb1d5a7a0dee6
          Size/MD5:   347150 1ee13cb4baf6332cfc41842c56f24cbc
          Size/MD5:  1296380 c833d82c46dcf383895269e4382fdb44

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   155416 a55085d0ddd8c5efcf922cb4654ee432
          Size/MD5:   314722 1e36f20fb6a2c7edf227a32e7c15702d
          Size/MD5:  1216432 1e3cef622a3763e3f52c71cf799caf67

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   205216 25bf9ad7302ac5bfdd7aa17316bbfc7d
          Size/MD5:   345862 3891c829c88334a631e29d3ab65f970e
          Size/MD5:  1345548 2b31e34aeb9db8cf819e5e9f64fb2499

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   166440 9729d0640a24245d806a1eaa4da57e25
          Size/MD5:   306882 7b8e476dcc15ce5d9d7b36de14617559
          Size/MD5:  1229006 496bc48c65314709cb2bb0f2570b7881

Ubuntu: OpenLDAP vulnerabilities

March 5, 2008
Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used

Summary

Update Instructions

References

Severity
Ubuntu Security Notice USN-584-1 March 05, 2008

Package Information

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved