openldap 2.4.53+dfsg-1ubuntu1.3 source package in Ubuntu
Changelog
openldap (2.4.53+dfsg-1ubuntu1.3) groovy-security; urgency=medium
* SECURITY UPDATE: integer underflow in Certificate Exact Assertion
processing
- debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck
in servers/slapd/schema_init.c.
- debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck
in servers/slapd/schema_init.c.
- CVE-2020-36221
* SECURITY UPDATE: assert failure in saslAuthzTo validation
- debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in
servers/slapd/saslauthz.c.
- debian/patches/CVE-2020-36222-2.patch: fix debug msg in
servers/slapd/saslauthz.c.
- CVE-2020-36222
* SECURITY UPDATE: crash in Values Return Filter control handling
- debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in
servers/slapd/controls.c.
- CVE-2020-36223
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN
in servers/slapd/saslauthz.c.
- debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev
commit in servers/slapd/saslauthz.c.
- CVE-2020-36224
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in
servers/slapd/dn.c.
- CVE-2020-36225
* SECURITY UPDATE: DoS in saslAuthzTo processing
- debian/patches/CVE-2020-36226.patch: fix slap_parse_user in
servers/slapd/saslauthz.c.
- CVE-2020-36226
* SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
- debian/patches/CVE-2020-36227.patch: fix cancel exop in
servers/slapd/cancel.c.
- CVE-2020-36227
* SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
- debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in
servers/slapd/schema_init.c.
- CVE-2020-36228
* SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
- debian/patches/CVE-2020-36229.patch: add more checks to
ldap_X509dn2bv in libraries/libldap/tls2.c.
- CVE-2020-36229
* SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
- debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN
count in libraries/libldap/tls2.c.
- CVE-2020-36230
-- Marc Deslauriers <email address hidden> Tue, 02 Feb 2021 10:37:52 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Groovy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| openldap_2.4.53+dfsg.orig.tar.gz | 4.8 MiB | 939b281098f63432a0e29de06701823cc158225fce33973b768dc883f6756139 |
| openldap_2.4.53+dfsg-1ubuntu1.3.debian.tar.xz | 182.0 KiB | 6594c8003dc32a8080f65657e705bc289522bbf72246e9f4c6e1fceb53c95ec3 |
| openldap_2.4.53+dfsg-1ubuntu1.3.dsc | 3.1 KiB | 284b88ef46d355f9f8fa5fd38a3ba72af8cae86334c4b97c0df700311941437e |
Available diffs
Binary packages built by this source
- ldap-utils: No summary available for ldap-utils in ubuntu groovy.
No description available for ldap-utils in ubuntu groovy.
- ldap-utils-dbgsym: No summary available for ldap-utils-dbgsym in ubuntu groovy.
No description available for ldap-utils-dbgsym in ubuntu groovy.
- libldap-2.4-2: No summary available for libldap-2.4-2 in ubuntu groovy.
No description available for libldap-2.4-2 in ubuntu groovy.
- libldap-2.4-2-dbgsym: No summary available for libldap-2.4-2-dbgsym in ubuntu groovy.
No description available for libldap-
2.4-2-dbgsym in ubuntu groovy.
- libldap-common: No summary available for libldap-common in ubuntu groovy.
No description available for libldap-common in ubuntu groovy.
- libldap2-dev: No summary available for libldap2-dev in ubuntu groovy.
No description available for libldap2-dev in ubuntu groovy.
- slapd: No summary available for slapd in ubuntu groovy.
No description available for slapd in ubuntu groovy.
- slapd-contrib: No summary available for slapd-contrib in ubuntu groovy.
No description available for slapd-contrib in ubuntu groovy.
- slapd-contrib-dbgsym: No summary available for slapd-contrib-dbgsym in ubuntu groovy.
No description available for slapd-contrib-
dbgsym in ubuntu groovy.
- slapd-dbgsym: No summary available for slapd-dbgsym in ubuntu groovy.
No description available for slapd-dbgsym in ubuntu groovy.
- slapd-smbk5pwd: No summary available for slapd-smbk5pwd in ubuntu groovy.
No description available for slapd-smbk5pwd in ubuntu groovy.
- slapi-dev: No summary available for slapi-dev in ubuntu groovy.
No description available for slapi-dev in ubuntu groovy.
