[ MDVSA-2010:026 ] openldap
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: [ MDVSA-2010:026 ] openldap
- From: security@xxxxxxxxxxxx
- Date: Tue, 26 Jan 2010 19:22:01 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:026
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openldap
Date : January 26, 2010
Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in openldap:
libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does
not properly handle a '\0' (NUL) character in a domain name in
the subject's Common Name (CN) field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority,
a related issue to CVE-2009-2408 (CVE-2009-3767).
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx
9jUkR+Zs9Nl7nEVuZXdjAvw=
=Fkxu
-----END PGP SIGNATURE-----