Considering that exim has ldap code in it, and there are several exim +
ldap users around, thought I'd repost this.
suresh
> ----------------------------------------------------------------------
>
> Message-Id: <m18Y6BY-000p0OC@???>
> From: joey@??? (Martin Schulze)
> To: bugtraq@???
> Subject: [SECURITY] [DSA 227-1] New openldap packages fix buffer
> overflows and remote exploit Date: Mon, 13 Jan 2003 16:07:32 +0100
> (CET)
>
> > -
> ----------------------------------------------------------------------
----
> Debian Security Advisory DSA 227-1
> security@??? http://www.debian.org/security/
> Martin Schulze
> January, 13th, 2003
> http://www.debian.org/security/faq
> -
> ----------------------------------------------------------------------
----
>
> Package : openldap2
> Vulnerability : buffer overflows and other bugs
> Problem-Type : local, remote
> Debian-specific: no
> CVE Id : CAN-2002-1378 CAN-2002-1379
> BugTraq Id : 6328
>
> The SuSE Security Team reviewed critical parts of openldap2, an
> implementation of the Lightweight Directory Access Protocol (LDAP)
> version 2 and 3, and found several buffer overflows and other bugs
> remote attackers could exploit to gain access on systems running
> vulnerable LDAP servers. In addition to these bugs, various local
> exploitable bugs within the OpenLDAP2 libraries have been fixed.
>
> For the current stable distribution (woody) these problems have been
> fixed in version 2.0.23-6.3.
>
> The old stable distribution (potato) does not contain OpenLDAP2
> packages.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 2.0.27-3.
>
> We recommend that you upgrade your openldap2 packages.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.0 alias woody
> - --------------------------------
>
> Source archives:
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.2
3-6.3.dsc
> Size/MD5 checksum: 763 45168fb49d17bcbefc2d920400705ac1
>
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.2
3-6.3.diff.gz
> Size/MD5 checksum: 20913 f0fa8fa225ccd5ce44504811511c9ad4
>
http://security.debian.org/pool/updates/main/o/openldap2/openldap2_2.0.2
3.orig.tar.gz
> Size/MD5 checksum: 1302928 d13cfded502c7d2b43b3c42b4e6dd599
>
> Alpha architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_alpha.deb
> Size/MD5 checksum: 87630 29068d6586e62aa8141995d19d85b5f2
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_alpha.deb
> Size/MD5 checksum: 113812 ffe2c1b7afd49bbd45143b4d2c5738a3
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_alpha.deb
> Size/MD5 checksum: 213992 5a20e5fa07a7e64c501fce960bafb00d
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_alpha.deb
> Size/MD5 checksum: 1833542 4554c75be54f37f98062874c1fd05ef3
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_alpha.deb
> Size/MD5 checksum: 806478 e3ebfb7fefffdebdfc48127c53989b5a
>
> ARM architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_arm.deb
> Size/MD5 checksum: 65998 395356a67fc07a37cb7ff83e4f433f08
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_arm.deb
> Size/MD5 checksum: 90090 2d6582bca66d8d4975767e9143610617
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_arm.deb
> Size/MD5 checksum: 183032 202e9ee365ea54dab60b7b827d47b759
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_arm.deb
> Size/MD5 checksum: 1789034 7144479db1c2c8433fcd89ee6b1cd693
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_arm.deb
> Size/MD5 checksum: 672624 d93eddf64b805fe8ad456e1abb477237
>
> Intel IA-32 architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_i386.deb
> Size/MD5 checksum: 65232 423b8b0b3fd8a09ef365d4ec25023d26
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_i386.deb
> Size/MD5 checksum: 86350 0bc201b83a18897972cecccb37beba0b
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_i386.deb
> Size/MD5 checksum: 172742 2222f508b8f6b0cf808ece56cfd639e9
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_i386.deb
> Size/MD5 checksum: 1732946 1f98f56fb5b0215788c9581cc330a77a
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_i386.deb
> Size/MD5 checksum: 606922 42fc1c90d802d9bc155094cd2c5b3a05
>
> Intel IA-64 architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_ia64.deb
> Size/MD5 checksum: 97926 102155513b8228429771ede0d79ba286
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_ia64.deb
> Size/MD5 checksum: 130370 c200491173f802aa79f18f6069d693a6
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_ia64.deb
> Size/MD5 checksum: 287272 bc3d117d2a5ce5472bd7c8e82415c316
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_ia64.deb
> Size/MD5 checksum: 1770604 541a1c9edbe6a16405882e222cd7a109
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_ia64.deb
> Size/MD5 checksum: 1055364 6f57696f2b7531f84130a70af0549b8d
>
> HP Precision architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_hppa.deb
> Size/MD5 checksum: 72484 204da57b2ee9c96ce1c452b7930200ed
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_hppa.deb
> Size/MD5 checksum: 96546 c7effeaa7614518f6fc3430377a4a5d5
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_hppa.deb
> Size/MD5 checksum: 215844 579d0e6079f28507f1ec9cb04e480eb1
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_hppa.deb
> Size/MD5 checksum: 1918820 4fe546d4d46cd60886b632454051305f
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_hppa.deb
> Size/MD5 checksum: 754974 33465a944d5f074d8360c6636e59a21c
>
> Motorola 680x0 architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_m68k.deb
> Size/MD5 checksum: 63104 97a7ac89fa92969b337c9faac65a396f
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_m68k.deb
> Size/MD5 checksum: 82360 622b8f56215e11e8d8560a046ae6727d
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_m68k.deb
> Size/MD5 checksum: 172070 6c83f54353a1f6e4ab930534ff1d4e3f
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_m68k.deb
> Size/MD5 checksum: 1747054 ed7fb0f971840a7fa830bf8398a4d14e
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_m68k.deb
> Size/MD5 checksum: 549178 af67d5db8fe060084f216816d5317349
>
> Big endian MIPS architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_mips.deb
> Size/MD5 checksum: 71252 ec1e7143d9bee2bbbe0c51c74565539a
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_mips.deb
> Size/MD5 checksum: 96432 63ea165d5ced9a86f03f401ddd82bdec
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_mips.deb
> Size/MD5 checksum: 182296 7f14e28ef4cb9dc8ee4a81379a41ba43
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_mips.deb
> Size/MD5 checksum: 1740550 80ceff7b9ad86b6a271a75f02b7fc156
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_mips.deb
> Size/MD5 checksum: 690306 d1fcfcfb94ed45c1cc1738f650ea7791
>
> Little endian MIPS architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_mipsel.deb
> Size/MD5 checksum: 71024 7525d0c425e5039e9057f8ba7b33887a
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_mipsel.deb
> Size/MD5 checksum: 96224 5659381cf1d060a6e941fa966b0a0ee9
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_mipsel.deb
> Size/MD5 checksum: 182322 416d63e7910ac76318b044ec1822f7a5
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_mipsel.deb
> Size/MD5 checksum: 1707922 1d802562db371b06b85fb9377c243b9c
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_mipsel.deb
> Size/MD5 checksum: 690470 b2641844353f0e774878ed2584f3377b
>
> PowerPC architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_powerpc.deb
> Size/MD5 checksum: 67354 cea40c452a90042c183d548374e3d3ab
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_powerpc.deb
> Size/MD5 checksum: 89190 8ba071acfbd7ce9a91547506c9f2032d
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_powerpc.deb
> Size/MD5 checksum: 190122 2ed378aced84f062d25341ea402fe432
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_powerpc.deb
> Size/MD5 checksum: 1833820 9e552d28447baff88a9513224872df4c
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_powerpc.deb
> Size/MD5 checksum: 659124 bd3a42e7f529ffe0ba2c14db79d4c5e9
>
> IBM S/390 architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_s390.deb
> Size/MD5 checksum: 68148 c092242782dc253a48bed75e64d89f73
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_s390.deb
> Size/MD5 checksum: 90736 4f1a07b555e2b45c2010f906cc5643b8
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_s390.deb
> Size/MD5 checksum: 185080 31f46df36b184835aa7dfa690f0e5acf
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_s390.deb
> Size/MD5 checksum: 1774464 73c0f603bccf160742f195eceda8cdaa
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_s390.deb
> Size/MD5 checksum: 630076 51fb890370a4ac20cc624bd098f47a1f
>
> Sun Sparc architecture:
>
>
>
>
>
>
>
>
>
>
>
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-gateways_2
.0.23-6.3_sparc.deb
> Size/MD5 checksum: 83524 3a4ecbbec28bdbece90059b279cf0b79
>
http://security.debian.org/pool/updates/main/o/openldap2/ldap-utils_2.0.
23-6.3_sparc.deb
> Size/MD5 checksum: 96442 22cd660e75d55fdacdd8f3f496018e86
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2_2.0.23
-6.3_sparc.deb
> Size/MD5 checksum: 184178 8ed0238017accfbf049df22ba8caf7e0
>
http://security.debian.org/pool/updates/main/o/openldap2/libldap2-dev_2.
0.23-6.3_sparc.deb
> Size/MD5 checksum: 1793314 4ef681fc1a92aad509ed6b7697ea5ac3
>
http://security.debian.org/pool/updates/main/o/openldap2/slapd_2.0.23-6.
3_sparc.deb
> Size/MD5 checksum: 633264 70f1164d9d170954a31142e3aef49f61
>
>
> These files will probably be moved into the stable distribution on
> its next revision.
>
> -
> ----------------------------------------------------------------------
-----------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main
> Mailing list: debian-security-announce@???
> Package info: `apt-cache show <pkg>' and
> http://packages.debian.org/<pkg>
>
> >
> ------------------------------
