This bug was fixed in the package openldap - 2.4.23-6ubuntu6
---------------
openldap (2.4.23-6ubuntu6) natty; urgency=low
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and using ndb
backend. Note: Ubuntu is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081
- LP: #742104
-- Jamie Strandboge <[email protected]> Thu, 07 Apr 2011 11:36:53 -0500
** Changed in: openldap (Ubuntu Natty)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1024
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-1025
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/742104
Title:
OpenLDAP remote DoS: CVE-2011-1081
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
