Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string. For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny2. (The missing update for the mips architecture will be provided soon.) For the unstable distribution (sid), this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages.
Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems:
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences.
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string.
For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny2. (The missing update for the mips architecture will be provided soon.)
For the unstable distribution (sid), this problem has been fixed in version 2.4.23-1.
We recommend that you upgrade your openldap packages.
MD5 checksums of the listed files are available in the original advisory.