lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NZq37-00013F-MM@titan.mandriva.com>
Date: Tue, 26 Jan 2010 19:22:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:026 ] openldap


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:026
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : openldap
 Date    : January 26, 2010
 Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in openldap:
 
 libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does
 not properly handle a \'\0\' (NUL) character in a domain name in
 the subject's Common Name (CN) field of an X.509 certificate, which
 allows man-in-the-middle attackers to spoof arbitrary SSL servers via
 a crafted certificate issued by a legitimate Certification Authority,
 a related issue to CVE-2009-2408 (CVE-2009-3767).
 
 Packages for 2008.0 are provided for Corporate Desktop 2008.0
 customers.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3767
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 05d27c8e50b79e16c345756251c5e819  2008.0/i586/libldap2.3_0-2.3.38-3.4mdv2008.0.i586.rpm
 c3b564ed72214c88e4f97b754baec0d3  2008.0/i586/libldap2.3_0-devel-2.3.38-3.4mdv2008.0.i586.rpm
 cb184b75f27937fbf10bee2c4526ccb8  2008.0/i586/libldap2.3_0-static-devel-2.3.38-3.4mdv2008.0.i586.rpm
 53a1cb617be31adf8002d03c975242df  2008.0/i586/openldap-2.3.38-3.4mdv2008.0.i586.rpm
 48114cab21906ac3f736d669ea9c1a21  2008.0/i586/openldap-clients-2.3.38-3.4mdv2008.0.i586.rpm
 a16e2a6e65d1f68eea0989590f0057b7  2008.0/i586/openldap-doc-2.3.38-3.4mdv2008.0.i586.rpm
 1184787dc8596fc25c660396d012d6eb  2008.0/i586/openldap-servers-2.3.38-3.4mdv2008.0.i586.rpm
 84c2fe50106a22d3fe27b3cdba4197d9  2008.0/i586/openldap-testprogs-2.3.38-3.4mdv2008.0.i586.rpm
 b3facfc070aee1223d254ec984c61ab7  2008.0/i586/openldap-tests-2.3.38-3.4mdv2008.0.i586.rpm 
 d43ec379be752a4229b996bf0212123e  2008.0/SRPMS/openldap-2.3.38-3.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 fd10ca40cbd47ac92f0fb018abeb43b0  2008.0/x86_64/lib64ldap2.3_0-2.3.38-3.4mdv2008.0.x86_64.rpm
 6f70689679ee97a5c0586190b0c14fe3  2008.0/x86_64/lib64ldap2.3_0-devel-2.3.38-3.4mdv2008.0.x86_64.rpm
 804c10f2e0fc978bdaff791fffdf6cb3  2008.0/x86_64/lib64ldap2.3_0-static-devel-2.3.38-3.4mdv2008.0.x86_64.rpm
 2e9eaa2bc8024bab086d6719371c104b  2008.0/x86_64/openldap-2.3.38-3.4mdv2008.0.x86_64.rpm
 a11488a1a69f82d75bd9cbb0162810df  2008.0/x86_64/openldap-clients-2.3.38-3.4mdv2008.0.x86_64.rpm
 2f8a0560815adc858f9751d50154233b  2008.0/x86_64/openldap-doc-2.3.38-3.4mdv2008.0.x86_64.rpm
 82dba0aa278c64c7c588d468b910ed7f  2008.0/x86_64/openldap-servers-2.3.38-3.4mdv2008.0.x86_64.rpm
 37c4c53990d046d55eb37a4c89b41421  2008.0/x86_64/openldap-testprogs-2.3.38-3.4mdv2008.0.x86_64.rpm
 fb880135c85355b26e2769fadacb3563  2008.0/x86_64/openldap-tests-2.3.38-3.4mdv2008.0.x86_64.rpm 
 d43ec379be752a4229b996bf0212123e  2008.0/SRPMS/openldap-2.3.38-3.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 1edb07acb66ec501f451ab12e82c701f  2009.0/i586/libldap2.4_2-2.4.11-3.2mdv2009.0.i586.rpm
 d89cc046166856ec10e6571646efc911  2009.0/i586/libldap2.4_2-devel-2.4.11-3.2mdv2009.0.i586.rpm
 d3895a847d8aad9d09446162b0ffcd8d  2009.0/i586/libldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.i586.rpm
 069829021563439e98d464c942f8b465  2009.0/i586/openldap-2.4.11-3.2mdv2009.0.i586.rpm
 d10c57b7e4b2e47350be4ed9e0653d13  2009.0/i586/openldap-clients-2.4.11-3.2mdv2009.0.i586.rpm
 0e1cdfc7e0de6148feebdc28d7f957a5  2009.0/i586/openldap-doc-2.4.11-3.2mdv2009.0.i586.rpm
 c14ac5126b17775363da034cb68557b0  2009.0/i586/openldap-servers-2.4.11-3.2mdv2009.0.i586.rpm
 07f0a85987bcd586359852b7cad8649d  2009.0/i586/openldap-testprogs-2.4.11-3.2mdv2009.0.i586.rpm
 9a51e08fa565f830672328a0c00fc8e8  2009.0/i586/openldap-tests-2.4.11-3.2mdv2009.0.i586.rpm 
 9cf49efc39d9e3b1e33d815ce4ecbb9b  2009.0/SRPMS/openldap-2.4.11-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 54e430c0735f09e81cbc01f8d6d2e0cb  2009.0/x86_64/lib64ldap2.4_2-2.4.11-3.2mdv2009.0.x86_64.rpm
 a603ee71bb23a2482ba24d9b5aa0d441  2009.0/x86_64/lib64ldap2.4_2-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
 d2f3bb877cdbca3a7c19694ddf998f70  2009.0/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.2mdv2009.0.x86_64.rpm
 d5679cdc3fe1a66c67856ff7cc820e97  2009.0/x86_64/openldap-2.4.11-3.2mdv2009.0.x86_64.rpm
 f9e4916cb87578bc2ee52456b1cc8612  2009.0/x86_64/openldap-clients-2.4.11-3.2mdv2009.0.x86_64.rpm
 45c0453372a06e434c92ee6d6e565326  2009.0/x86_64/openldap-doc-2.4.11-3.2mdv2009.0.x86_64.rpm
 3688fdc6044b0c069cfddbcafb8570dd  2009.0/x86_64/openldap-servers-2.4.11-3.2mdv2009.0.x86_64.rpm
 8ccdef4f247693f087b2f8ced9f6df75  2009.0/x86_64/openldap-testprogs-2.4.11-3.2mdv2009.0.x86_64.rpm
 2ff3c40955d05049b1b087fe4a46f470  2009.0/x86_64/openldap-tests-2.4.11-3.2mdv2009.0.x86_64.rpm 
 9cf49efc39d9e3b1e33d815ce4ecbb9b  2009.0/SRPMS/openldap-2.4.11-3.2mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 b89b2509fe864d9750fef6c49f6c0184  2009.1/i586/libldap2.4_2-2.4.16-1.1mdv2009.1.i586.rpm
 e7e532035891022e817808e983e596a9  2009.1/i586/libldap2.4_2-devel-2.4.16-1.1mdv2009.1.i586.rpm
 b4b6f34878132d1c1c823ef89833e8f8  2009.1/i586/libldap2.4_2-static-devel-2.4.16-1.1mdv2009.1.i586.rpm
 942ed86998426b2b10ec399c3a52b77e  2009.1/i586/openldap-2.4.16-1.1mdv2009.1.i586.rpm
 82cfd7b50e08b313033aa3d3f5fe256b  2009.1/i586/openldap-clients-2.4.16-1.1mdv2009.1.i586.rpm
 9c95fafea86a758a2a6fe4770f125035  2009.1/i586/openldap-doc-2.4.16-1.1mdv2009.1.i586.rpm
 f23ef462351ad9f2a43857591af492c0  2009.1/i586/openldap-servers-2.4.16-1.1mdv2009.1.i586.rpm
 6ac2057dd719078e7f05033c4eeb8244  2009.1/i586/openldap-testprogs-2.4.16-1.1mdv2009.1.i586.rpm
 e9728e9007a3abeaed7b22ea70fde1b1  2009.1/i586/openldap-tests-2.4.16-1.1mdv2009.1.i586.rpm 
 6e7c1810d3fad170498c9b80887104ec  2009.1/SRPMS/openldap-2.4.16-1.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 bf51e99f555efe4c1433c61fb1b970a1  2009.1/x86_64/lib64ldap2.4_2-2.4.16-1.1mdv2009.1.x86_64.rpm
 b27971669d145b8d77b422a6239d9c12  2009.1/x86_64/lib64ldap2.4_2-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
 79d8a022b0fc68cac40c3b9c59ee0a94  2009.1/x86_64/lib64ldap2.4_2-static-devel-2.4.16-1.1mdv2009.1.x86_64.rpm
 bd047c1075c1a37885f698ee3262892e  2009.1/x86_64/openldap-2.4.16-1.1mdv2009.1.x86_64.rpm
 9a3062118ab8c405bb059839b98ac85d  2009.1/x86_64/openldap-clients-2.4.16-1.1mdv2009.1.x86_64.rpm
 a14bb0244d99eb101c34da5cd404c323  2009.1/x86_64/openldap-doc-2.4.16-1.1mdv2009.1.x86_64.rpm
 05597018b9ae1a5cd27849f4e2630aa1  2009.1/x86_64/openldap-servers-2.4.16-1.1mdv2009.1.x86_64.rpm
 dc514f10efe28460c2cc9531dd46fded  2009.1/x86_64/openldap-testprogs-2.4.16-1.1mdv2009.1.x86_64.rpm
 99ac81225c652a1e11d6fc0259e79339  2009.1/x86_64/openldap-tests-2.4.16-1.1mdv2009.1.x86_64.rpm 
 6e7c1810d3fad170498c9b80887104ec  2009.1/SRPMS/openldap-2.4.16-1.1mdv2009.1.src.rpm

 Corporate 4.0:
 2680f39542c1a732ddfbf125bdb840ec  corporate/4.0/i586/libldap2.3_0-2.3.27-1.6.20060mlcs4.i586.rpm
 eba24e380a590ccab0c51cebd5a6b2b5  corporate/4.0/i586/libldap2.3_0-devel-2.3.27-1.6.20060mlcs4.i586.rpm
 c09bd1c40966ce05dcb250f60363cff0  corporate/4.0/i586/libldap2.3_0-static-devel-2.3.27-1.6.20060mlcs4.i586.rpm
 4b288051aaaae89e4fd51f3e23fff9de  corporate/4.0/i586/openldap-2.3.27-1.6.20060mlcs4.i586.rpm
 4a929338eaf5bdb04753e8e3a9e9a5f2  corporate/4.0/i586/openldap-clients-2.3.27-1.6.20060mlcs4.i586.rpm
 c1466377dd9d3085058a6239afc5c290  corporate/4.0/i586/openldap-doc-2.3.27-1.6.20060mlcs4.i586.rpm
 b3d3da31f572a96f4d206a7dc0024ea7  corporate/4.0/i586/openldap-servers-2.3.27-1.6.20060mlcs4.i586.rpm 
 97589a85f65923d54383b5a6dde41fb2  corporate/4.0/SRPMS/openldap-2.3.27-1.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 4d757bcbeff60980e7161905ee84f4f3  corporate/4.0/x86_64/lib64ldap2.3_0-2.3.27-1.6.20060mlcs4.x86_64.rpm
 71a4b1de7f60e959bf293bf97c69b2ff  corporate/4.0/x86_64/lib64ldap2.3_0-devel-2.3.27-1.6.20060mlcs4.x86_64.rpm
 f72e33cf6b5c9ce48651ad338c4764b7  corporate/4.0/x86_64/lib64ldap2.3_0-static-devel-2.3.27-1.6.20060mlcs4.x86_64.rpm
 119b451378a0db92afd13ab320ae0780  corporate/4.0/x86_64/openldap-2.3.27-1.6.20060mlcs4.x86_64.rpm
 4ecc97d7aa99bc3ae29d5c5e93283dd1  corporate/4.0/x86_64/openldap-clients-2.3.27-1.6.20060mlcs4.x86_64.rpm
 731857c379ce789f8f495b1d707d7e82  corporate/4.0/x86_64/openldap-doc-2.3.27-1.6.20060mlcs4.x86_64.rpm
 e72705d3d650cf099748091e7293e706  corporate/4.0/x86_64/openldap-servers-2.3.27-1.6.20060mlcs4.x86_64.rpm 
 97589a85f65923d54383b5a6dde41fb2  corporate/4.0/SRPMS/openldap-2.3.27-1.6.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 09d4a893fbfb5aeeaba0d920717e7bf2  mes5/i586/libldap2.4_2-2.4.11-3.2mdvmes5.i586.rpm
 0431d42a2e6355abcb2ac3c06deb5fdf  mes5/i586/libldap2.4_2-devel-2.4.11-3.2mdvmes5.i586.rpm
 fc5961e23f65c182abc7a12bc5d151dd  mes5/i586/libldap2.4_2-static-devel-2.4.11-3.2mdvmes5.i586.rpm
 2972925135a2a05ead56437a9b5419dc  mes5/i586/openldap-2.4.11-3.2mdvmes5.i586.rpm
 f6065831019f66ad751b7ed2d7588685  mes5/i586/openldap-clients-2.4.11-3.2mdvmes5.i586.rpm
 40c97b12b13377de19c00d748714d312  mes5/i586/openldap-doc-2.4.11-3.2mdvmes5.i586.rpm
 30275464184256272fcf7cadea77d090  mes5/i586/openldap-servers-2.4.11-3.2mdvmes5.i586.rpm
 a29701216dc54d9c951a618ace801be8  mes5/i586/openldap-testprogs-2.4.11-3.2mdvmes5.i586.rpm
 853bca2f88cd4764e925fe3392a1ebda  mes5/i586/openldap-tests-2.4.11-3.2mdvmes5.i586.rpm 
 5f0cff3716ac2871124d0d3d24267b4b  mes5/SRPMS/openldap-2.4.11-3.2mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b5470e8cd7073d008be83c8731b32bd3  mes5/x86_64/lib64ldap2.4_2-2.4.11-3.2mdvmes5.x86_64.rpm
 b4be80b1527524287f36d9f7d829fa13  mes5/x86_64/lib64ldap2.4_2-devel-2.4.11-3.2mdvmes5.x86_64.rpm
 2b8410175476f709bf6a1a54e8f158ff  mes5/x86_64/lib64ldap2.4_2-static-devel-2.4.11-3.2mdvmes5.x86_64.rpm
 597714018771bba7e50aecbf850b19d9  mes5/x86_64/openldap-2.4.11-3.2mdvmes5.x86_64.rpm
 c05436b7c7aca704564d19b656b94d63  mes5/x86_64/openldap-clients-2.4.11-3.2mdvmes5.x86_64.rpm
 05b5482d288d6b877246ca8a7332fd86  mes5/x86_64/openldap-doc-2.4.11-3.2mdvmes5.x86_64.rpm
 deb1329b1735d506be64f7a599e32df1  mes5/x86_64/openldap-servers-2.4.11-3.2mdvmes5.x86_64.rpm
 447c0303692296fde9c5555d782435cb  mes5/x86_64/openldap-testprogs-2.4.11-3.2mdvmes5.x86_64.rpm
 fc597de3166dc25c92b7eada78ebf242  mes5/x86_64/openldap-tests-2.4.11-3.2mdvmes5.x86_64.rpm 
 5f0cff3716ac2871124d0d3d24267b4b  mes5/SRPMS/openldap-2.4.11-3.2mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLXwOHmqjQ0CJFipgRAp7yAJ40umReJDo1Asg6BoihvuXXShK+vACeP+Vx
9jUkR+Zs9Nl7nEVuZXdjAvw=
=Fkxu
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ