DSA-2077-1 openldap -- several
ID: oval:org.secpod.oval:def:600132 | Date: (C)2011-01-28 (M)2024-02-19
Class: PATCH | Family: unix
Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0211: The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences.

CVE-2010-0212: OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string.

For the stable distribution, this problem has been fixed in version 2.4.11-1+lenny2.

For the unstable distribution, this problem has been fixed in version 2.4.23-1.

We recommend that you upgrade your openldap packages.