UbuntuUpdates.org

Package "slapd"

Name: slapd

Description:

OpenLDAP server (slapd)

Latest version: 2.4.45+dfsg-1ubuntu1.10
Release: bionic (18.04)
Level: security
Repository: main
Head package: openldap
Homepage: http://www.openldap.org/

Links


Download "slapd"


Other versions of "slapd" in Bionic

Repository Area Version
base main 2.4.45+dfsg-1ubuntu1
updates main 2.4.45+dfsg-1ubuntu1.10

Changelog

Version: 2.4.45+dfsg-1ubuntu1.3 2019-07-30 18:07:22 UTC

  openldap (2.4.45+dfsg-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

 -- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 13:27:16 -0400

CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certa
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers



About   -   Send Feedback to @ubuntu_updates