
[SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate verification weakness



------------------------------------------------------------------------
Debian Security Advisory DSA-1943                  security@xxxxxxxxxx
http://www.debian.org/security/                      Giuseppe Iuculano
December 02, 2009                   http://www.debian.org/security/faq
------------------------------------------------------------------------


Packages       : openldap openldap2.3
Vulnerability  : insufficient input validation
Problem type   : remote
Debian-specific: no
Debian bug     : 553432
CVE ID         : CVE-2009-3767

It was discovered that OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification Authority.
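The hostname-check pattern behind this class of bug, as an added example that is not code from the advisory or from OpenLDAP: a CN compared as a NUL-terminated C string beside a CN compared over its ASN.1-declared length. The struct, function names and CN bytes below are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* A subject CN as an ASN.1 decoder hands it over: a byte buffer with an
 * explicit length, not a C string. (Struct constructed for this example;
 * OpenSSL's ASN1_STRING carries the same data/length pair.) */
struct asn1_cn {
    const unsigned char *data;
    size_t len;
};

/* Vulnerable pattern: the CN is treated as a NUL-terminated string, so
 * strcmp() stops at an embedded '\0' and never sees the bytes after it.
 * The CA validated the whole string; the client only compares a prefix. */
int chkhost_vulnerable(const struct asn1_cn *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: refuse any CN containing a NUL within its declared
 * length, then compare over the full declared length, never strlen().
 * (Case-folding and wildcard handling are omitted to keep the point clear.) */
int chkhost_fixed(const struct asn1_cn *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                       /* embedded NUL: reject outright */
    if (cn->len != strlen(host))
        return 0;                       /* length mismatch: not this host */
    return memcmp(cn->data, host, cn->len) == 0;
}

/* Constructed sample CNs. CRAFTED_CN mimics the class of certificate the
 * advisory describes: "ldap.example.com" followed by a NUL and further
 * label bytes, 29 bytes in total. GOOD_CN is an ordinary CN. */
static const unsigned char CRAFTED_CN[] = "ldap.example.com\0.example.net";
static const unsigned char GOOD_CN[]    = "ldap.example.com";
const struct asn1_cn CRAFTED = { CRAFTED_CN, sizeof CRAFTED_CN - 1 };
const struct asn1_cn GOOD    = { GOOD_CN,    sizeof GOOD_CN - 1 };

/* Returns 1 when the two checks disagree on the crafted CN, i.e. when the
 * vulnerable check accepts it and the hardened one rejects it. */
int crafted_cn_is_caught(void)
{
    int vuln  = chkhost_vulnerable(&CRAFTED, "ldap.example.com");
    int fixed = chkhost_fixed(&CRAFTED, "ldap.example.com");
    printf("crafted CN: vulnerable check=%d hardened check=%d\n", vuln, fixed);
    return vuln == 1 && fixed == 0;
}

int main(void)
{
    return crafted_cn_is_caught() ? 0 : 1;
}
```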

For the oldstable distribution (etch), this problem has been fixed in version
2.3.30-5+etch3 for openldap2.3.

For the stable distribution (lenny), this problem has been fixed in version
2.4.11-1+lenny1 for openldap.

For the testing distribution (squeeze), and the unstable distribution (sid),
this problem has been fixed in version 2.4.17-2.1 for openldap.


We recommend that you upgrade your openldap2.3/openldap packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
-------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.


Debian GNU/Linux 5.0 alias lenny
--------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.



  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

