[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit
Date: Mon, 13 Jan 2003 16:07:32 +0100 (CET)
From: (Martin Schulze) <[email protected]>
To: [email protected]
Subject: [SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 227-1 [email protected]
http://www.debian.org/security/ Martin Schulze
January, 13th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : openldap2
Vulnerability : buffer overflows and other bugs
Problem-Type : local, remote
Debian-specific: no
CVE Id : CAN-2002-1378 CAN-2002-1379
BugTraq Id : 6328
The SuSE Security Team reviewed critical parts of openldap2, an
implementation of the Lightweight Directory Access Protocol (LDAP)
version 2 and 3, and found several buffer overflows and other bugs
remote attackers could exploit to gain access on systems running
vulnerable LDAP servers. In addition to these bugs, various local
exploitable bugs within the OpenLDAP2 libraries have been fixed.
For the current stable distribution (woody) these problems have been
fixed in version 2.0.23-6.3.
The old stable distribution (potato) does not contain OpenLDAP2
packages.
For the unstable distribution (sid) these problems have been fixed in
version 2.0.27-3.
We recommend that you upgrade your openldap2 packages.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.dsc
Size/MD5 checksum: 763 45168fb49d17bcbefc2d920400705ac1
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23-6.3.diff.gz
Size/MD5 checksum: 20913 f0fa8fa225ccd5ce44504811511c9ad4
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.23.orig.tar.gz
Size/MD5 checksum: 1302928 d13cfded502c7d2b43b3c42b4e6dd599
Alpha architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_alpha.deb
Size/MD5 checksum: 87630 29068d6586e62aa8141995d19d85b5f2
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_alpha.deb
Size/MD5 checksum: 113812 ffe2c1b7afd49bbd45143b4d2c5738a3
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_alpha.deb
Size/MD5 checksum: 213992 5a20e5fa07a7e64c501fce960bafb00d
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_alpha.deb
Size/MD5 checksum: 1833542 4554c75be54f37f98062874c1fd05ef3
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_alpha.deb
Size/MD5 checksum: 806478 e3ebfb7fefffdebdfc48127c53989b5a
ARM architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_arm.deb
Size/MD5 checksum: 65998 395356a67fc07a37cb7ff83e4f433f08
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_arm.deb
Size/MD5 checksum: 90090 2d6582bca66d8d4975767e9143610617
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_arm.deb
Size/MD5 checksum: 183032 202e9ee365ea54dab60b7b827d47b759
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_arm.deb
Size/MD5 checksum: 1789034 7144479db1c2c8433fcd89ee6b1cd693
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_arm.deb
Size/MD5 checksum: 672624 d93eddf64b805fe8ad456e1abb477237
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_i386.deb
Size/MD5 checksum: 65232 423b8b0b3fd8a09ef365d4ec25023d26
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_i386.deb
Size/MD5 checksum: 86350 0bc201b83a18897972cecccb37beba0b
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_i386.deb
Size/MD5 checksum: 172742 2222f508b8f6b0cf808ece56cfd639e9
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_i386.deb
Size/MD5 checksum: 1732946 1f98f56fb5b0215788c9581cc330a77a
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_i386.deb
Size/MD5 checksum: 606922 42fc1c90d802d9bc155094cd2c5b3a05
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_ia64.deb
Size/MD5 checksum: 97926 102155513b8228429771ede0d79ba286
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_ia64.deb
Size/MD5 checksum: 130370 c200491173f802aa79f18f6069d693a6
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_ia64.deb
Size/MD5 checksum: 287272 bc3d117d2a5ce5472bd7c8e82415c316
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_ia64.deb
Size/MD5 checksum: 1770604 541a1c9edbe6a16405882e222cd7a109
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_ia64.deb
Size/MD5 checksum: 1055364 6f57696f2b7531f84130a70af0549b8d
HP Precision architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_hppa.deb
Size/MD5 checksum: 72484 204da57b2ee9c96ce1c452b7930200ed
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_hppa.deb
Size/MD5 checksum: 96546 c7effeaa7614518f6fc3430377a4a5d5
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_hppa.deb
Size/MD5 checksum: 215844 579d0e6079f28507f1ec9cb04e480eb1
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_hppa.deb
Size/MD5 checksum: 1918820 4fe546d4d46cd60886b632454051305f
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_hppa.deb
Size/MD5 checksum: 754974 33465a944d5f074d8360c6636e59a21c
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_m68k.deb
Size/MD5 checksum: 63104 97a7ac89fa92969b337c9faac65a396f
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_m68k.deb
Size/MD5 checksum: 82360 622b8f56215e11e8d8560a046ae6727d
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_m68k.deb
Size/MD5 checksum: 172070 6c83f54353a1f6e4ab930534ff1d4e3f
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_m68k.deb
Size/MD5 checksum: 1747054 ed7fb0f971840a7fa830bf8398a4d14e
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_m68k.deb
Size/MD5 checksum: 549178 af67d5db8fe060084f216816d5317349
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mips.deb
Size/MD5 checksum: 71252 ec1e7143d9bee2bbbe0c51c74565539a
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mips.deb
Size/MD5 checksum: 96432 63ea165d5ced9a86f03f401ddd82bdec
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mips.deb
Size/MD5 checksum: 182296 7f14e28ef4cb9dc8ee4a81379a41ba43
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mips.deb
Size/MD5 checksum: 1740550 80ceff7b9ad86b6a271a75f02b7fc156
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mips.deb
Size/MD5 checksum: 690306 d1fcfcfb94ed45c1cc1738f650ea7791
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_mipsel.deb
Size/MD5 checksum: 71024 7525d0c425e5039e9057f8ba7b33887a
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_mipsel.deb
Size/MD5 checksum: 96224 5659381cf1d060a6e941fa966b0a0ee9
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_mipsel.deb
Size/MD5 checksum: 182322 416d63e7910ac76318b044ec1822f7a5
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_mipsel.deb
Size/MD5 checksum: 1707922 1d802562db371b06b85fb9377c243b9c
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_mipsel.deb
Size/MD5 checksum: 690470 b2641844353f0e774878ed2584f3377b
PowerPC architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_powerpc.deb
Size/MD5 checksum: 67354 cea40c452a90042c183d548374e3d3ab
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_powerpc.deb
Size/MD5 checksum: 89190 8ba071acfbd7ce9a91547506c9f2032d
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_powerpc.deb
Size/MD5 checksum: 190122 2ed378aced84f062d25341ea402fe432
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_powerpc.deb
Size/MD5 checksum: 1833820 9e552d28447baff88a9513224872df4c
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_powerpc.deb
Size/MD5 checksum: 659124 bd3a42e7f529ffe0ba2c14db79d4c5e9
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_s390.deb
Size/MD5 checksum: 68148 c092242782dc253a48bed75e64d89f73
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_s390.deb
Size/MD5 checksum: 90736 4f1a07b555e2b45c2010f906cc5643b8
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_s390.deb
Size/MD5 checksum: 185080 31f46df36b184835aa7dfa690f0e5acf
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_s390.deb
Size/MD5 checksum: 1774464 73c0f603bccf160742f195eceda8cdaa
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_s390.deb
Size/MD5 checksum: 630076 51fb890370a4ac20cc624bd098f47a1f
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2.0.23-6.3_sparc.deb
Size/MD5 checksum: 83524 3a4ecbbec28bdbece90059b279cf0b79
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.23-6.3_sparc.deb
Size/MD5 checksum: 96442 22cd660e75d55fdacdd8f3f496018e86
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23-6.3_sparc.deb
Size/MD5 checksum: 184178 8ed0238017accfbf049df22ba8caf7e0
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.0.23-6.3_sparc.deb
Size/MD5 checksum: 1793314 4ef681fc1a92aad509ed6b7697ea5ac3
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.3_sparc.deb
Size/MD5 checksum: 633264 70f1164d9d170954a31142e3aef49f61
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+ItYxW5ql+IAeqTIRAvV/AKCeZFJg95gz+EiDZhWigp28NPIuigCbBH/c
pv+CkTPod/NDJ6WJoe7q2sA=
=8Qj8
-----END PGP SIGNATURE-----