USN-858-1: OpenLDAP vulnerability

view story

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-3767 Description:  =========================================================== Ubuntu Security Notice USN-858-1 November 12, 2009 openldap2.2 vulnerability CVE-2009-3767 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libldap-2.2-7 2.2.26-5ubuntu2.9 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (Distributions)