News

=========================================================== Ubuntu Security Notice USN-584-1 March 05, 2008 openldap2.2, openldap2.3 vulnerabilities CVE-2007-6698, CVE-2008-0658 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: slapd 2.2.26-5ubuntu2.6 Ubuntu 6.10: slapd 2.2.26-5ubuntu3.3 Ubuntu 7.04: slapd 2.3.30-2ubuntu0.2 Ubuntu 7.10: slapd 2.3.35-1ubuntu0.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. (CVE-2007-6698) Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash. (CVE-2007-6698)