Ubuntu Security Notice USN-152-1
21st July, 2005
openldap2, libpam-ldap, libnss-ldap vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
Andrea Barisani discovered a flaw in the SSL handling of pam-ldap and
libnss-ldap. When a client connected to a slave LDAP server using SSL,
the slave server did not use SSL as well when contacting the LDAP
master server. This caused passwords and other confident information
to be transmitted unencrypted between the slave and the master.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- libpam-ldap
- libnss-ldap
- slapd
- Ubuntu 4.10:
- libpam-ldap
- libnss-ldap
- slapd
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None