USN-634-1: OpenLDAP vulnerability

Referenced CVEs: CVE-2008-2952Description: 
Ubuntu Security Notice USN-634-1 August 01, 2008
openldap2.2, openldap2.3 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
slapd 2.2.26-5ubuntu2.8

Ubuntu 7.04:
slapd 2.3.30-2ubuntu0.3

Ubuntu 7.10:
slapd 2.3.35-1ubuntu0.3

Ubuntu 8.04 LTS:
slapd 2.4.9-0ubuntu0.8.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Cameron Hotchkies discovered that OpenLDAP did not correctly handle
certain ASN.1 BER data. A remote attacker could send a specially crafted
packet and crash slapd, leading to a denial of service.