UbuntuUpdates.org

Package "libldap-2.4-2"

Name: libldap-2.4-2

Description: OpenLDAP libraries

Latest version: 2.4.42+dfsg-2ubuntu3.13
Release: xenial (16.04)
Level: security
Repository: main
Head package: openldap
Homepage: http://www.openldap.org/

Other versions of "libldap-2.4-2" in Xenial

Repository Area Version
base main 2.4.42+dfsg-2ubuntu3
updates main 2.4.42+dfsg-2ubuntu3.13

Changelog

Version: 2.4.42+dfsg-2ubuntu3.6 2019-07-30 18:07:17 UTC

  openldap (2.4.42+dfsg-2ubuntu3.6) xenial-security; urgency=medium

  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

 -- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 13:28:04 -0400

CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certa
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers

Version: 2.4.42+dfsg-2ubuntu3.2 2017-06-01 15:06:44 UTC

  openldap (2.4.42+dfsg-2ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via search with page size of 0
    - debian/patches/CVE-2017-9287.patch: fix double-free in
      servers/slapd/back-mdb/search.c.
    - CVE-2017-9287

 -- Marc Deslauriers <email address hidden> Tue, 30 May 2017 15:20:53 -0400

CVE-2017-9287 servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can cr
