Ubuntu
openldap package

openldap 2.4.45+dfsg-1ubuntu1.9 source package in Ubuntu

Changelog

openldap (2.4.45+dfsg-1ubuntu1.9) bionic-security; urgency=medium

  * SECURITY UPDATE: integer underflow in Certificate Exact Assertion
    processing
    - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
      in servers/slapd/schema_init.c.
    - CVE-2020-36221
  * SECURITY UPDATE: assert failure in saslAuthzTo validation
    - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36222-2.patch: fix debug msg in
      servers/slapd/saslauthz.c.
    - CVE-2020-36222
  * SECURITY UPDATE: crash in Values Return Filter control handling
    - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
      servers/slapd/controls.c.
    - CVE-2020-36223
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
      in servers/slapd/saslauthz.c.
    - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
      commit in servers/slapd/saslauthz.c.
    - CVE-2020-36224
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
      servers/slapd/dn.c.
    - CVE-2020-36225
  * SECURITY UPDATE: DoS in saslAuthzTo processing
    - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
      servers/slapd/saslauthz.c.
    - CVE-2020-36226
  * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
    - debian/patches/CVE-2020-36227.patch: fix cancel exop in
      servers/slapd/cancel.c.
    - CVE-2020-36227
  * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
    - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
      servers/slapd/schema_init.c.
    - CVE-2020-36228
  * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
    - debian/patches/CVE-2020-36229.patch: add more checks to
      ldap_X509dn2bv in libraries/libldap/tls2.c.
    - CVE-2020-36229
  * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
    - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
      count in libraries/libldap/tls2.c.
    - CVE-2020-36230

 -- Marc Deslauriers <email address hidden>  Tue, 02 Feb 2021 11:08:14 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
openldap_2.4.45+dfsg.orig.tar.gz 4.6 MiB d51c70423aa0554d454fd3d43e7f2e940523b4ef07979305b48c233ae44b2b32
openldap_2.4.45+dfsg-1ubuntu1.9.debian.tar.xz 179.3 KiB 7d8079396c2cc632c3d84b645dd9ddaaadc13f13c6744b48fd5b9531bf0b091c
openldap_2.4.45+dfsg-1ubuntu1.9.dsc 2.8 KiB 92e448dfffcdc2a4607b4dff38df1d9bfcc8fac7db50a719125e5870e0c76c41

View changes file

Binary packages built by this source

ldap-utils: OpenLDAP utilities

 This package provides utilities from the OpenLDAP (Lightweight
 Directory Access Protocol) package. These utilities can access a
 local or remote LDAP server and contain all the client programs
 required to access LDAP servers.

ldap-utils-dbgsym: debug symbols for ldap-utils
libldap-2.4-2: OpenLDAP libraries

 These are the run-time libraries for the OpenLDAP (Lightweight Directory
 Access Protocol) servers and clients.

libldap-2.4-2-dbgsym: debug symbols for libldap-2.4-2
libldap-common: OpenLDAP common files for libraries

 These are common files for the run-time libraries for the OpenLDAP
 (Lightweight Directory Access Protocol) servers and clients.

libldap2-dev: OpenLDAP development libraries

 This package allows development of LDAP applications using the OpenLDAP
 libraries. It includes headers, libraries and links to allow static and
 dynamic linking.

slapd: OpenLDAP server (slapd)

 This is the OpenLDAP (Lightweight Directory Access Protocol) server
 (slapd). The server can be used to provide a standalone directory
 service.

slapd-dbgsym: debug symbols for slapd
slapd-smbk5pwd: Keeps Samba and Kerberos passwords in sync within slapd.

 Extends the PasswordModify Extended Operation to update Kerberos keys
 and Samba password hashes for an LDAP user. The Kerberos support is
 written for Heimdal using its hdb-ldap backend. The Samba support is
 written using the Samba 3.0 LDAP schema.

slapd-smbk5pwd-dbgsym: debug symbols for slapd-smbk5pwd