UbuntuUpdates.org

Package "libldap-2.4-2-dbg"

Name: libldap-2.4-2-dbg

Description:

Debugging information for OpenLDAP libraries

Latest version: 2.4.28-1.1ubuntu4.12
Release: precise (12.04)
Level: updates
Repository: main
Head package: openldap
Homepage: http://www.openldap.org/



Other versions of "libldap-2.4-2-dbg" in Precise

Repository Area Version
base main 2.4.28-1.1ubuntu4
security main 2.4.28-1.1ubuntu4.12

Changelog

Version: 2.4.28-1.1ubuntu4.12 2021-05-03 16:06:21 UTC

  openldap (2.4.28-1.1ubuntu4.12) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: assertion failure in Certificate List syntax
    validation
    - debian/patches/CVE-2020-25709.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25709
  * SECURITY UPDATE: assertion failure in CSN normalization with invalid
    input
    - debian/patches/CVE-2020-25710.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25710

 -- <email address hidden> (Leonidas S. Barbosa) Fri, 20 Nov 2020 11:16:57 -0300

CVE-2020-25709 assertion failure in Certificate List syntax validation
CVE-2020-25710 assertion failure in CSN normalization with invalid input

Version: 2.4.28-1.1ubuntu4.6 2015-09-16 19:06:42 UTC

  openldap (2.4.28-1.1ubuntu4.6) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted BER data
    - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
      libraries/liblber/io.c.
    - CVE-2015-6908
  * SECURITY UPDATE: user impersonation via incorrect default permissions
    - debian/slapd.init.ldif: disallow modifying one's own entry by
      default.
    - CVE-2014-9713

 -- Marc Deslauriers Mon, 14 Sep 2015 10:37:35 -0400

CVE-2015-6908 The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable as
CVE-2014-9713 The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's per

Version: 2.4.28-1.1ubuntu4.5 2015-05-26 21:06:42 UTC

  openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via an LDAP search query
    with attrsOnly set to true. (LP: #1446809)
    - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
      normalized attr values
    - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
      current patch is not ideal
    - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
      present (attrsOnly = TRUE)
    - CVE-2012-1164
  * SECURITY UPDATE: fix rwm overlay reference counting
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <email address hidden> Tue, 19 May 2015 11:53:17 -0300

1446809 [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
CVE-2012-1164 slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query wit
CVE-2013-4449 The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of servic
CVE-2015-1545 The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service

Version: 2.4.28-1.1ubuntu4.4 2013-10-03 21:07:05 UTC

  openldap (2.4.28-1.1ubuntu4.4) precise-proposed; urgency=low

  * Backport fix for back-mdb, fixes crash when deleting an entry
    that contains an indexed numeric attribute (LP: #1216650):
    - d/patches/its-7174-lutil_str2bin-cant-modify-input-strings.patch:
      Upstream patch to make sure that lutil_str2bin does not
      attempt to modify its input.
 -- Roel Standaert <email address hidden> Sat, 31 Aug 2013 08:29:45 +0200

1216650 slapd crashed with SIGSEGV in lutil_str2bin() when using mdb

Version: 2.4.28-1.1ubuntu4.3 2013-06-27 23:06:56 UTC

  openldap (2.4.28-1.1ubuntu4.3) precise-proposed; urgency=low

  * Avoid deadlocks in back-bdb that truncate slapcat output (LP: #1185908):
    - d/patches/bdb-deadlock.patch: Patch copied from Debian #673038
 -- Ryan Tandy <email address hidden> Tue, 04 Jun 2013 09:00:09 -0700

1185908 slapd: slapcat output truncated every now and then


