lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20050721141221.GA7042@piware.de> Date: Thu Jul 21 15:12:28 2005 From: martin.pitt at canonical.com (Martin Pitt) Subject: [USN-152-1] PAM/NSS LDAP vulnerabilitiy =========================================================== Ubuntu Security Notice USN-152-1 July 21, 2005 openldap2, libpam-ldap, libnss-ldap vulnerabilities CAN-2005-2069 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: libnss-ldap libpam-ldap slapd On Ubuntu 4.10, the problem can be corrected by upgrading the affected packages to version 2.1.30-2ubuntu4.1 (slapd), 164-2ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap). On Ubuntu 5.04, the problem can be corrected by upgrading the affected packages to version 2.1.30-3ubuntu3.1 (slapd), 169-1ubuntu0.1 (libpam-ldap), and 220-1ubuntu0.1 (libnss-ldap). In general, a standard system upgrade is sufficient to effect the necessary changes. (Please note that libnss-ldap and libpam-ldap are not officially supported by Ubuntu, they are in the "universe" suite of the archive.) Details follow: Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and libnss-ldap. When a client connected to a slave LDAP server using SSL, the slave server did not use SSL as well when contacting the LDAP master server. This caused passwords and other confident information to be transmitted unencrypted between the slave and the master. Updated packages for Ubuntu 4.10 (Warty Warthog): Source archives: http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1.diff.gz Size/MD5: 40012 180bfdaf8ddf765fbffd5a671c2e08e5 http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1.dsc Size/MD5: 687 6b1c2784a1033e5ec81903976c950331 http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211.orig.tar.gz Size/MD5: 221013 34adcab5d46a436617ae686cc7c5e78f http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1.diff.gz Size/MD5: 31544 8d085bc008fe5ac70b2a0ad6d56f92f8 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1.dsc Size/MD5: 678 da1e9384d50f7b968adf547d829b7315 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164.orig.tar.gz Size/MD5: 116873 0b5d6ef6735480210d27a3d969f59e12 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-2ubuntu4.1.diff.gz Size/MD5: 116650 89863ef77edba510914cfdad0d3348ef http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-2ubuntu4.1.dsc Size/MD5: 971 a430e9d325011aa5707b511f64d239dd http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30.orig.tar.gz Size/MD5: 2044673 e2ae8148c4bed07d7a70edd930bdc403 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libslapd2-dev_2.1.30-2ubuntu4.1_all.deb Size/MD5: 71854 f2b7772fa613690daa5eb85afcd13a34 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_amd64.deb Size/MD5: 125906 79af7aa37ff71b874214b90ee9ecae1e http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_amd64.deb Size/MD5: 360024 986821f16397c44875c6f9631e376620 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_amd64.deb Size/MD5: 308242 d4047e25be22bcf3064f3401d3827a4f http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_amd64.deb Size/MD5: 69096 4dce5370da2e0f675d274801f993ac05 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_amd64.deb Size/MD5: 49546 bdda10f11dae5c0eb89aae5dcb58f17d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_amd64.deb Size/MD5: 1000922 d0cccba6c649de288204b677c051763c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_i386.deb Size/MD5: 111448 146b9142a0148940068a0e583c0f05bd http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_i386.deb Size/MD5: 316880 5828ac19e41a9dfd6f42acc754cb3c5d http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_i386.deb Size/MD5: 283620 2750618047fc01d8393a773caea6ee4f http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_i386.deb Size/MD5: 67978 a2a3f9a58c2a01b9e03f8f7e28575b80 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_i386.deb Size/MD5: 49208 cd423f7aa2211f49110913d661f9effe http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_i386.deb Size/MD5: 902696 5acca424b573c4359cfd26e41677ce0c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-2ubuntu4.1_powerpc.deb Size/MD5: 127948 1a88da127a39484da2c2d0fb782ae0ac http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-2ubuntu4.1_powerpc.deb Size/MD5: 371714 e3579e3bedba4e79e4817178aae191de http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-2ubuntu4.1_powerpc.deb Size/MD5: 301834 207ffdaf7d6a59efeed541c1186826be http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_211-4ubuntu0.1_powerpc.deb Size/MD5: 70402 4dd21e0f29aacf85c3e8caef7ac04ccb http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_164-2ubuntu0.1_powerpc.deb Size/MD5: 49762 c10ceae89d679444cab7d150d709d09c http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-2ubuntu4.1_powerpc.deb Size/MD5: 975904 b3c3f67196e71eb563e501f55bc97dd8 Updated packages for Ubuntu 5.04 (Hoary Hedgehog): Source archives: http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1.diff.gz Size/MD5: 26873 59ccd69249e345d2f535a4b6bdf323dd http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1.dsc Size/MD5: 687 660f621b904c8cc6db16a1027bca370c http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220.orig.tar.gz Size/MD5: 204826 d401485fcabf4ea40d244c2c9a19247e http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1.diff.gz Size/MD5: 26203 f6618a137174a52f3eaa2c6dc357b434 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1.dsc Size/MD5: 678 ba2b65635fcc64aefc6a12c2c90b3bd0 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169.orig.tar.gz Size/MD5: 119817 62abfe9c5d62e7d112c12d0e5863129f http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.1.diff.gz Size/MD5: 117295 743d542b68dd5d743527ac15500b8b51 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30-3ubuntu3.1.dsc Size/MD5: 988 abcae0bb7933a4634c0562c41b17a4d5 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/openldap2_2.1.30.orig.tar.gz Size/MD5: 2044673 e2ae8148c4bed07d7a70edd930bdc403 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libslapd2-dev_2.1.30-3ubuntu3.1_all.deb Size/MD5: 72308 60a8341fad6776f7da90291b0c0a41e5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_amd64.deb Size/MD5: 126282 504170293b367b3d3960c19619386368 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_amd64.deb Size/MD5: 361172 fc2aaa72ddc00c7ea6e9118d18532672 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_amd64.deb Size/MD5: 309092 62bb57d16d2e0b7ef505d9023eacc687 http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_amd64.deb Size/MD5: 74590 f1087a8146dd42601bbc990f8d1c755d http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_amd64.deb Size/MD5: 52078 6057c9f1597d80a2c162837b25f2e9a7 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_amd64.deb Size/MD5: 1087990 a8a2b8b425be64cb3fcf5a32a8d83416 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_i386.deb Size/MD5: 110644 d52d6dd0c45e8532c6170ddf1a52f19c http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_i386.deb Size/MD5: 317990 4e54bf4ec7dc799de00bf8bf0711bded http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_i386.deb Size/MD5: 284484 89c8c1a89831713025896642ccccd900 http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_i386.deb Size/MD5: 73536 ed6ee791428191886b86d29063997565 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_i386.deb Size/MD5: 51670 384be799688e0277feb86b4508288699 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_i386.deb Size/MD5: 979238 3e2fad1ffb1b9d7eac366467da98e3ce powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/ldap-utils_2.1.30-3ubuntu3.1_powerpc.deb Size/MD5: 129544 bb935cbb6fc5e7670646607d0c481ff6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2-dev_2.1.30-3ubuntu3.1_powerpc.deb Size/MD5: 373102 fbd4736d7f2167db5a204609f08076e6 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/libldap2_2.1.30-3ubuntu3.1_powerpc.deb Size/MD5: 302728 8e97eb53df941a8d4546f3de39477aa7 http://security.ubuntu.com/ubuntu/pool/universe/libn/libnss-ldap/libnss-ldap_220-1ubuntu0.1_powerpc.deb Size/MD5: 75784 8d77afd6f2a602294cc1d953b9995c38 http://security.ubuntu.com/ubuntu/pool/universe/libp/libpam-ldap/libpam-ldap_169-1ubuntu0.1_powerpc.deb Size/MD5: 52180 40ef599a113e873a235b76f315a444d2 http://security.ubuntu.com/ubuntu/pool/main/o/openldap2/slapd_2.1.30-3ubuntu3.1_powerpc.deb Size/MD5: 1058104 59a515083487c2218c4acefb99bee97d -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050721/21383406/attachment.bin
Powered by blists - more mailing lists