OpenLDAP vulnerability - Ubuntu

It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications.

===========================================================
Ubuntu Security Notice USN-858-1          November 12, 2009
openldap2.2 vulnerability
CVE-2009-3767
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS: 
  libldap-2.2-7                   2.2.26-5ubuntu2.9

In general, a standard system upgrade is sufficient to effect the
necessary changes.
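
The zero-byte Common Name problem described above, as an added example of the general bug class (this is not OpenLDAP's code and not the patch shipped in this update). The `cert_cn` struct, both function names and the sample host names are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* A certificate Common Name as decoded from ASN.1: bytes plus explicit length. */
struct cert_cn {
    const char *data;
    size_t len;
};

/* Flawed pattern: the CN is treated as a C string, so the comparison stops at
 * the first zero byte and never sees the bytes that follow it. */
int cn_matches_cstring(const struct cert_cn *cn, const char *host)
{
    return strcasecmp(cn->data, host) == 0;
}

/* Length-aware check: reject any CN containing a zero byte, then require the
 * full CN length to equal the host name length before comparing. */
int cn_matches_checked(const struct cert_cn *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (cn->len == 0 || memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != hlen)
        return 0;
    return strncasecmp(cn->data, host, hlen) == 0;
}

/* Constructed sample CN: 16 bytes, one zero byte, then 14 more bytes. */
static const char sample_cn_bytes[] = "ldap.example.com\0.other.example";
const struct cert_cn sample_cn = { sample_cn_bytes, sizeof(sample_cn_bytes) - 1 };
/* Constructed well-formed CN for comparison. */
const struct cert_cn clean_cn = { "ldap.example.com", 16 };

int main(void)
{
    const char *host = "ldap.example.com";

    printf("C-string compare accepts zero-byte CN: %d\n",
           cn_matches_cstring(&sample_cn, host));
    printf("checked compare accepts zero-byte CN:  %d\n",
           cn_matches_checked(&sample_cn, host));
    printf("checked compare accepts clean CN:      %d\n",
           cn_matches_checked(&clean_cn, host));
    return 0;
}
```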


 

Posted on: 13/12/2009







