[ubuntu/dapper-security] openldap2.2_2.2.26-5ubuntu2.9_ia64_translations.tar.gz, openldap2.2, openldap2.2_2.2.26-5ubuntu2.9_powerpc_translations.tar.gz, openldap2.2_2.2.26-5ubuntu2.9_amd64_translations.tar.gz, openldap2.2_2.2.26-5ubuntu2.9_sparc_translations.tar.gz, openldap2.2_2.2.26-5ubuntu2.9_i386_translations.tar.gz 2.2.26-5ubuntu2.9 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Thu Nov 12 14:03:14 GMT 2009
openldap2.2 (2.2.26-5ubuntu2.9) dapper-security; urgency=low
* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
- libraries/libldap/tls.c: get the last CN and check for length match.
- http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
- CVE-2009-3767
Date: Wed, 11 Nov 2009 11:53:46 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Torsten Landschoff <torsten at debian.org>
https://launchpad.net/ubuntu/dapper/+source/openldap2.2/2.2.26-5ubuntu2.9
-------------- next part --------------
Format: 1.7
Date: Wed, 11 Nov 2009 11:53:46 -0500
Source: openldap2.2
Binary: slapd ldap-utils libldap-2.2-7
Architecture: source
Version: 2.2.26-5ubuntu2.9
Distribution: dapper-security
Urgency: low
Maintainer: Torsten Landschoff <torsten at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
ldap-utils - OpenLDAP utilities
libldap-2.2-7 - OpenLDAP libraries
slapd - OpenLDAP server (slapd)
Changes:
openldap2.2 (2.2.26-5ubuntu2.9) dapper-security; urgency=low
.
* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
- libraries/libldap/tls.c: get the last CN and check for length match.
- http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
- CVE-2009-3767
Files:
5a95dae94a1016fbcf41c1c1992ea8e6 1028 net optional openldap2.2_2.2.26-5ubuntu2.9.dsc
098a03b4f7d511ce730e9647deca2072 516098 net optional openldap2.2_2.2.26-5ubuntu2.9.diff.gz
More information about the dapper-changes
mailing list