Debian Security Advisory DSA 2077-1 (openldap)

The remote host is missing an update to openldap announced via advisory DSA 2077-1.

Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string. For the stable distribution (lenny), this problem has been fixed in version 2.4.11-1+lenny2. (The missing update for the mips architecture will be provided soon.) For the unstable distribution (sid), this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202077-1