Ubuntu
openldap package

  1. Bug #742104
  2. Comment #3

Comment 3 for bug 742104

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openldap - 2.4.23-6ubuntu6

---------------
openldap (2.4.23-6ubuntu6) natty; urgency=low

  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when
    using forwarded authentication failures
    - debian/patches/CVE-2011-1024
    - CVE-2011-1024
  * SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
    backend. Note: Ubuntu is not compiled with --enable-ndb by default
    - debian/patches/CVE-2011-1025
    - CVE-2011-1025
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
    and requestDN is empty
    - debian/patches/CVE-2011-1081
    - CVE-2011-1081
    - LP: #742104
 -- Jamie Strandboge <email address hidden> Thu, 07 Apr 2011 11:36:53 -0500