openldap 2.4.42+dfsg-2ubuntu3.12 source package in Ubuntu

Changelog

openldap (2.4.42+dfsg-2ubuntu3.12) xenial-security; urgency=medium

  * SECURITY UPDATE: integer underflow in Certificate Exact Assertion
    processing
    - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - CVE-2020-36221
  * SECURITY UPDATE: assert failure in saslAuthzTo validation
    - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36222-2.patch: fix debug msg in
      servers/slapd/saslauthz.c.
    - CVE-2020-36222
  * SECURITY UPDATE: crash in Values Return Filter control handling
    - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
      servers/slapd/controls.c.
    - CVE-2020-36223
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
      in servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
      commit in servers/slapd/saslauthz.c.
    - CVE-2020-36224
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
      servers/slapd/dn.c.
    - CVE-2020-36225
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
      servers/slapd/saslauthz.c.
    - CVE-2020-36226
  * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
    - debian/patches/CVE-2020-36227.patch: fix cancel exop in
      servers/slapd/cancel.c.
    - CVE-2020-36227
  * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
    - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
      servers/slapd/schema_init.c.
    - CVE-2020-36228
  * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
    - debian/patches/CVE-2020-36229.patch: add more checks to
      ldap_X509dn2bv in libraries/libldap/tls2.c.
    - CVE-2020-36229
  * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
    - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
      count in libraries/libldap/tls2.c.
    - CVE-2020-36230

 -- Marc Deslauriers <email address hidden>  Tue, 02 Feb 2021 11:51:22 -0500

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Xenial
Original maintainer: Ubuntu Developers
Architectures: any
Section: net
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
openldap_2.4.42+dfsg.orig.tar.gz 4.6 MiB 5f56e4e3584f7a4b4c8437a2c985b2f519836946be77ef1aa43a5d20c02ea97b
openldap_2.4.42+dfsg-2ubuntu3.12.debian.tar.xz 182.0 KiB 44120f4a8b6aa21a0a6d628e3a2c030c2d2d17fe61580c5495e1aef6476255ca
openldap_2.4.42+dfsg-2ubuntu3.12.dsc 3.0 KiB ddbe6d65a15521f21df785eb04a88994ad49cf4d1efe5043f8e11b99a1e08fa2

Binary packages built by this source

ldap-utils: OpenLDAP utilities

 This package provides utilities from the OpenLDAP (Lightweight
 Directory Access Protocol) package. These utilities can access a
 local or remote LDAP server and contain all the client programs
 required to access LDAP servers.

ldap-utils-dbgsym: debug symbols for package ldap-utils

 This package provides utilities from the OpenLDAP (Lightweight
 Directory Access Protocol) package. These utilities can access a
 local or remote LDAP server and contain all the client programs
 required to access LDAP servers.

libldap-2.4-2: OpenLDAP libraries

 These are the run-time libraries for the OpenLDAP (Lightweight Directory
 Access Protocol) servers and clients.

libldap-2.4-2-dbg: Debugging information for OpenLDAP libraries

 This package provides detached debugging information for the OpenLDAP
 (Lightweight Directory Access Protocol) libraries. It is useful
 primarily to permit better backtraces and crash dump analysis after
 problems with the libraries. GDB will find this debug information
 automatically.

libldap-2.4-2-dbgsym: debug symbols for package libldap-2.4-2

 These are the run-time libraries for the OpenLDAP (Lightweight Directory
 Access Protocol) servers and clients.

libldap2-dev: OpenLDAP development libraries

 This package allows development of LDAP applications using the OpenLDAP
 libraries. It includes headers, libraries and links to allow static and
 dynamic linking.

libldap2-dev-dbgsym: debug symbols for package libldap2-dev

 This package allows development of LDAP applications using the OpenLDAP
 libraries. It includes headers, libraries and links to allow static and
 dynamic linking.

slapd: OpenLDAP server (slapd)

 This is the OpenLDAP (Lightweight Directory Access Protocol) server
 (slapd). The server can be used to provide a standalone directory
 service.

slapd-dbg: Debugging information for the OpenLDAP server (slapd)

 This package provides detached debugging information for the OpenLDAP
 (Lightweight Directory Access Protocol) server (slapd). It is useful
 primarily to permit better backtraces and crash dump analysis after
 problems with the libraries. GDB will find this debug information
 automatically.

slapd-dbgsym: debug symbols for package slapd

 This is the OpenLDAP (Lightweight Directory Access Protocol) server
 (slapd). The server can be used to provide a standalone directory
 service.

slapd-smbk5pwd: Keeps Samba and Kerberos passwords in sync within slapd.

 Extends the PasswordModify Extended Operation to update Kerberos keys
 and Samba password hashes for an LDAP user. The Kerberos support is
 written for Heimdal using its hdb-ldap backend. The Samba support is
 written using the Samba 3.0 LDAP schema.

slapd-smbk5pwd-dbgsym: debug symbols for package slapd-smbk5pwd

 Extends the PasswordModify Extended Operation to update Kerberos keys
 and Samba password hashes for an LDAP user. The Kerberos support is
 written for Heimdal using its hdb-ldap backend. The Samba support is
 written using the Samba 3.0 LDAP schema.