UbuntuUpdates.org

Package "openldap"

Name: openldap

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Keeps Samba and Kerberos passwords in sync within slapd.

Latest version: 2.4.45+dfsg-1ubuntu1.10
Release: bionic (18.04)
Level: updates
Repository: universe

Links



Other versions of "openldap" in Bionic

Repository Area Version
base main 2.4.45+dfsg-1ubuntu1
base universe 2.4.45+dfsg-1ubuntu1
security universe 2.4.45+dfsg-1ubuntu1.10
security main 2.4.45+dfsg-1ubuntu1.10
updates main 2.4.45+dfsg-1ubuntu1.10

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.45+dfsg-1ubuntu1.5 2020-05-08 16:07:07 UTC

  openldap (2.4.45+dfsg-1ubuntu1.5) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - CVE-2020-12243

 -- Marc Deslauriers <email address hidden> Fri, 01 May 2020 13:11:02 -0400

Source diff to previous version
CVE-2020-12243 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Version: 2.4.45+dfsg-1ubuntu1.4 2019-08-27 21:07:03 UTC

  openldap (2.4.45+dfsg-1ubuntu1.4) bionic; urgency=medium

  * d/p/rwm-do-not-free-original-filter.patch: Fix slapd segfault (LP: #1838370)

 -- Lucas Kanashiro <email address hidden> Thu, 08 Aug 2019 15:08:36 -0300

Source diff to previous version
1838370 slapd segfault on filter parse error

Version: 2.4.45+dfsg-1ubuntu1.3 2019-07-30 21:07:22 UTC

  openldap (2.4.45+dfsg-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

 -- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 13:27:16 -0400

Source diff to previous version
CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certa
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers

Version: 2.4.45+dfsg-1ubuntu1.2 2019-04-29 12:07:15 UTC

  openldap (2.4.45+dfsg-1ubuntu1.2) bionic; urgency=medium

  * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
    - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
      correct systemctl status for slapd daemon.
    - d/slapd.install: place override file in correct location.

 -- Heitor Alves de Siqueira <email address hidden> Wed, 10 Apr 2019 09:53:11 -0300

Source diff to previous version
1821343 slapd process failure is not detected by systemd

Version: 2.4.45+dfsg-1ubuntu1.1 2018-11-21 01:07:04 UTC

  openldap (2.4.45+dfsg-1ubuntu1.1) bionic; urgency=medium

  * d/apparmor-profile: update apparmor profile to allow reading of
    files needed when slapd is behaving as a kerberos/gssapi client
    and acquiring its own ticket. (LP: #1783183)

 -- Andreas Hasenack <email address hidden> Tue, 23 Oct 2018 10:01:47 -0300

1783183 apparmor profile denied for kerberos client keytab and credential cache files



About   -   Send Feedback to @ubuntu_updates