UbuntuUpdates.org

Package "ldap-utils"

Name: ldap-utils

Description:

OpenLDAP utilities
Latest version: 2.4.42+dfsg-2ubuntu3.13
Release: xenial (16.04)
Level: updates
Repository: main
Head package: openldap
Homepage: http://www.openldap.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ldap-utils"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ldap-utils" in Xenial

Repository Area Version
base main 2.4.42+dfsg-2ubuntu3
security main 2.4.42+dfsg-2ubuntu3.13

Changelog

Version: 2.4.42+dfsg-2ubuntu3.8 2020-05-06 17:08:38 UTC

  openldap (2.4.42+dfsg-2ubuntu3.8) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - CVE-2020-12243

 -- Marc Deslauriers <email address hidden> Fri, 01 May 2020 13:11:29 -0400
Source diff to previous version
CVE-2020-12243 In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Version: 2.4.42+dfsg-2ubuntu3.7 2019-08-29 11:06:22 UTC

  openldap (2.4.42+dfsg-2ubuntu3.7) xenial; urgency=medium

  * d/p/rwm-do-not-free-original-filter.patch: Fix slapd segfault (LP: #1838370)

 -- Lucas Kanashiro <email address hidden> Thu, 08 Aug 2019 16:33:06 -0300
Source diff to previous version
1838370 slapd segfault on filter parse error

Version: 2.4.42+dfsg-2ubuntu3.6 2019-07-30 19:07:11 UTC

  openldap (2.4.42+dfsg-2ubuntu3.6) xenial-security; urgency=medium

  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

 -- Marc Deslauriers <email address hidden> Fri, 26 Jul 2019 13:28:04 -0400
Source diff to previous version
CVE-2019-13057 An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certa
CVE-2019-13565 An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers

Version: 2.4.42+dfsg-2ubuntu3.5 2019-04-29 12:07:09 UTC

  openldap (2.4.42+dfsg-2ubuntu3.5) xenial; urgency=medium

  * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
    - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
      correct systemctl status for slapd daemon.
    - d/slapd.install: place override file in correct location.

 -- Heitor Alves de Siqueira <email address hidden> Wed, 10 Apr 2019 10:01:36 -0300
Source diff to previous version
1821343 slapd process failure is not detected by systemd

Version: 2.4.42+dfsg-2ubuntu3.4 2018-11-21 22:06:21 UTC

  openldap (2.4.42+dfsg-2ubuntu3.4) xenial; urgency=medium

  * d/apparmor-profile: update apparmor profile to allow reading of
    files needed when slapd is behaving as a kerberos/gssapi client
    and acquiring its own ticket. (LP: #1783183)

 -- Andreas Hasenack <email address hidden> Tue, 23 Oct 2018 09:47:19 -0300
1783183 apparmor profile denied for kerberos client keytab and credential cache files


About   -   Send Feedback to @ubuntu_updates