[Bug 742104] Re: OpenLDAP remote DoS: CVE-2011-1081
Launchpad Bug Tracker
742104 at bugs.launchpad.net
Thu Apr 7 17:40:27 UTC 2011
This bug was fixed in the package openldap - 2.4.23-6ubuntu6
---------------
openldap (2.4.23-6ubuntu6) natty; urgency=low
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
backend. Note: Ubuntu is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081
- LP: #742104
-- Jamie Strandboge <jamie at ubuntu.com> Thu, 07 Apr 2011 11:36:53 -0500
** Changed in: openldap (Ubuntu Natty)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1024
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1025
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/742104
Title:
OpenLDAP remote DoS: CVE-2011-1081
More information about the Ubuntu-server-bugs
mailing list