lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 02 Dec 2009 22:45:40 +0100
From: Giuseppe Iuculano <>
Subject: [SECURITY] [DSA 1943-1] New openldap2.3/openldap packages fix SSL certificate
 verification weakness

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1943                              Giuseppe Iuculano
December 02, 2009         
- ------------------------------------------------------------------------

Packages       : openldap openldap2.3
Vulnerability  : insufficient input validation
Problem type   : remote
Debian-specific: no
Debian bug     : 553432
CVE ID         : CVE-2009-3767

It was discovered that OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification Authority.

For the oldstable distribution (etch), this problem has been fixed in version
2.3.30-5+etch3 for openldap2.3.

For the stable distribution (lenny), this problem has been fixed in version
2.4.11-1+lenny1 for openldap.

For the testing distribution (squeeze), and the  unstable distribution (sid),
this problem has been fixed in version 2.4.17-2.1 for openldap.

We recommend that you upgrade your openldap2.3/openldap packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips,
mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:  2971126 c40bcc23fa65908b8d7a86a4a6061251
    Size/MD5 checksum:     1214 36efc1cf2a98c54d4b1da0910e273843
    Size/MD5 checksum:   315058 310ce752b78ff3227d78dcd8c1bd60a5

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   293108 2172048d5f8b8b7f379b3414fc5c2e37
    Size/MD5 checksum:  1280772 ab65f162a40607c1787f9b03783a7563
    Size/MD5 checksum:   193768 602a6da790648dd8b0af7d9f386b5c6e

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   285554 42480b47018eb1d70b9e62d05b925a5b
    Size/MD5 checksum:  1244570 b88256f8259516b09c51f166ff6b4aea
    Size/MD5 checksum:   184652 716cc53985a031d1fe03fede778d6ae5

arm architecture (ARM)
    Size/MD5 checksum:  1190314 8686c6a9a9240e6113f92c8bb20d7e1a
    Size/MD5 checksum:   254828 49d9c9a250fb4a5a828de5791ee92380
    Size/MD5 checksum:   155876 bb45d3104fe4b9811fdb3063da42d3b1

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  1307146 698d7416e4cc544522ce2e25ac9c0fce
    Size/MD5 checksum:   292798 eb9d6d19560a1153cc58ccae3f354a4e
    Size/MD5 checksum:   182568 caade74265ee9d7b8ac77c844c23b413

i386 architecture (Intel ia32)
    Size/MD5 checksum:  1177552 f3ccf11b82474593af5e30a272f9edb9
    Size/MD5 checksum:   148744 168e58797e74f9b3b6d3c337b6369ca7
    Size/MD5 checksum:   266538 3be52b8402d06913624a3e808be58ecb

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   239248 78d1537b3a106824ff5d076e828a0312
    Size/MD5 checksum:   379904 dbc96e1a44dce4bb5f79b9c043823293
    Size/MD5 checksum:  1660854 fcc2873ffd50e45c956d9bcc81d83c51

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   258210 298f5a83a1efd8c035644fd58df21f2c
    Size/MD5 checksum:   185598 b6c67ee072f2de03820e7ce11edb39c3
    Size/MD5 checksum:  1205768 3f312958af5ea129384513e5fab72208

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   258852 d7ba57787989e3fb5035fce34b04965d
    Size/MD5 checksum:   187100 46910e3923926ac060c13a7a53f8cac4
    Size/MD5 checksum:  1188878 5698884b42d7206c2b0c134602861354

powerpc architecture (PowerPC)
    Size/MD5 checksum:   188914 e03855167b8e13bdb72e47baa9644f86
    Size/MD5 checksum:   272378 f5741b7ac8f4172e7481f5c2e699231b
    Size/MD5 checksum:  1243754 2a8b933e956e5ac4bc29028688bb09ec

s390 architecture (IBM S/390)
    Size/MD5 checksum:   291822 6b47ac5b7fbc269c1973c494d5dadbc2
    Size/MD5 checksum:   168716 f72b023d98d61565c624f7acbf953baf
    Size/MD5 checksum:  1241532 0167eb506b063de5435181f40c6cf809

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:  1177712 770a58d0c60ad11e5ca4cf25159fe2c7
    Size/MD5 checksum:   153682 d8bf20f2a94456451d4ea29d3237d280
    Size/MD5 checksum:   258560 4bfd77d56852608813f158ecfd91b42b

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64,
mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:   148075 024b717169f42734ee5650ebe2978631
    Size/MD5 checksum:     1831 ca4cb86b4847a59f95275ff2f4d0e173
    Size/MD5 checksum:  4193523 d4e8669e2c9b8d981e371e97e3cf92d9

alpha architecture (DEC Alpha)
    Size/MD5 checksum:  3624752 5b4e467360ecd8cc897b03b5aca57dad
    Size/MD5 checksum:   205526 3b083869976ab4d8d8df69d27fe9480e
    Size/MD5 checksum:   280526 4ed333757fef7e98d89c5edda6589b04
    Size/MD5 checksum:  1537448 98d6aeab748560a491e0b526d930fc0c
    Size/MD5 checksum:  1013148 cc656603f7ae0eacc2b3c22dd1fae967
    Size/MD5 checksum:   285128 e526e547a4af2c13bf3ae90dfdf023a2

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:  1493300 31c077d63cc2ff159927939cadb29808
    Size/MD5 checksum:   299612 e148216f77a9136adb19acd8df026d6d
    Size/MD5 checksum:   267470 f903f46433faa1d2b6b203e50aaed3d8
    Size/MD5 checksum:   881074 de337737dd93af0b81bd90e3c6f23377
    Size/MD5 checksum:  3664994 8ad4581bd54e1ed7a8f3c1c8bf210c17
    Size/MD5 checksum:   204896 c0dba3b62aa14392d29f831d6c87206d

arm architecture (ARM)
    Size/MD5 checksum:   280140 ccaed923684d35304f50f27fc6b868b3
    Size/MD5 checksum:   248918 a08cf9fd18ce8806be437c364179c2b3
    Size/MD5 checksum:   877400 614df898211cc5311a62159f6ee21b93
    Size/MD5 checksum:  1405962 5e1e62d6f0a5984486fa2eaa478eab38
    Size/MD5 checksum:   180520 96b5fe5d50b9a1d59eb5ab03489a1b90
    Size/MD5 checksum:  3572646 a8e804a9e966a57306a9229acd11ff80

hppa architecture (HP PA RISC)
    Size/MD5 checksum:  1533292 8d5c2d83596b10c9d3ee7a4dcb692026
    Size/MD5 checksum:  3619256 2ad8452962291b553fadc8bb6398f834
    Size/MD5 checksum:   200874 27205d8a86701cb133f7507eeef5e76a
    Size/MD5 checksum:   283816 1163f67e39b08c10cf492b24bd526f24
    Size/MD5 checksum:   264158 905749f1e385f9d93c2358b05dc42dfb
    Size/MD5 checksum:   999386 6a071952604a9c30483fca7f3a3754ec

i386 architecture (Intel ia32)
    Size/MD5 checksum:   189442 879dac84b581979646c49bde9743c630
    Size/MD5 checksum:   286808 2dcb4f8e5514d9e4d9072b4853da322d
    Size/MD5 checksum:   892068 449ba5d6037617e4e93dfd6bcb093549
    Size/MD5 checksum:  3560322 c6a6fbc66944bd05585c1065ab012c93
    Size/MD5 checksum:   244952 5a5b31ebb9098059e62eb57d209a6846
    Size/MD5 checksum:  1404266 a3bffb93ec3b0d0d130a6a7e29091a9b

ia64 architecture (Intel ia64)
    Size/MD5 checksum:  3589108 d34afb06a3b21ad7267ef5d31b6ad322
    Size/MD5 checksum:   932026 1194a002673f8a73cf382c2333c7882b
    Size/MD5 checksum:   352020 e40c570396514fee0c6eee3920be2607
    Size/MD5 checksum:   269084 1720388cc8102f33122375034a703a05
    Size/MD5 checksum:   259018 658248f4329555e81896800709302575
    Size/MD5 checksum:  2006532 6ad20563d8999759f32445576fd69856

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:  3712752 8d48a2797c1f4e6b5dea203698e4b31c
    Size/MD5 checksum:   180956 88613b463fcdba79539048ce681d4f5e
    Size/MD5 checksum:   260240 f6fa5402a6fc03aef4b87735030969c5
    Size/MD5 checksum:   854756 76ad64ab6fe85c5bfc654266101e024a
    Size/MD5 checksum:  1394436 4930b2b56c642182c8ccd69d5bc53685
    Size/MD5 checksum:   302106 3672bab4d2c0c037a1d9c0a61fa16139

powerpc architecture (PowerPC)
    Size/MD5 checksum:  3718584 7b120292ce66e7ea85b3ad623da0bb4e
    Size/MD5 checksum:   295146 f131ea5cdbab25c2416ff06f6697bc08
    Size/MD5 checksum:   199248 c683d506deb5fadabea906c9dec36c9f
    Size/MD5 checksum:  1536614 b5c37ae6f72127bdf6910100edeb06e5
    Size/MD5 checksum:   907106 6af4614c092e6ccda8580e6a73cb8728
    Size/MD5 checksum:   284952 b75e2ddab46ddab036ef40b21cec63ee

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:   872178 a7739e034d0df26a69e0cb569802d594
    Size/MD5 checksum:   249022 334ecf73608e20ec6cff79716cf10fde
    Size/MD5 checksum:  1387990 4935db487abd61e04adb3a846ed7aadc
    Size/MD5 checksum:   260980 006fdd6b90293fdf1331442ccabde568
    Size/MD5 checksum:   182822 73c3edfab6b52e772ed36c990c13f210
    Size/MD5 checksum:  3502906 c19b8875ae915cec344bb74a5e462e44

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.10 (GNU/Linux)


Powered by blists - more mailing lists