Summary
Ubuntu Update for Linux kernel vulnerabilities USN-965-1
Solution
Please install the updated packages.
Insight
Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomäki discovered that the slap_modrdn2mods function in modrdn.c in OpenLDAP does not check the return value from a call to the smr_normalize function. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon or possibly execute arbitrary code. (CVE-2010-0211)
Using the Codenomicon LDAPv3 test suite, Ilkka Mattila and Tuomas Salomäki discovered that OpenLDAP does not properly handle empty RDN strings. A remote attacker could use specially crafted modrdn requests to crash the slapd daemon. (CVE-2010-0212)
In the default installation under Ubuntu 8.04 LTS and later, attackers would be isolated by the OpenLDAP AppArmor profile for the slapd daemon.
Affected
OpenLDAP vulnerabilities on Ubuntu 6.06 LTS,
Ubuntu 8.04 LTS,
Ubuntu 9.04,
Ubuntu 9.10,
Ubuntu 10.04 LTS
Severity
Classification
CVE: CVE-2010-0211, CVE-2010-0212
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities