[ubuntu/precise-updates] openldap 2.4.28-1.1ubuntu4.12 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon May 3 14:07:31 UTC 2021


openldap (2.4.28-1.1ubuntu4.12) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: assertion failure in Certificate List syntax
    validation
    - debian/patches/CVE-2020-25709.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25709
  * SECURITY UPDATE: assertion failure in CSN normalization with invalid
    input
    - debian/patches/CVE-2020-25710.patch: properly handle error in
      servers/slapd/schema_init.c.
    - CVE-2020-25710

openldap (2.4.28-1.1ubuntu4.11) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
      equality rule in servers/slapd/modrdn.c.
    - CVE-2020-25692

openldap (2.4.28-1.1ubuntu4.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - CVE-2020-12243

openldap (2.4.28-1.1ubuntu4.9) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

openldap (2.4.28-1.1ubuntu4.8) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via search with page size of 0
    - debian/patches/CVE-2017-9287.patch: fix double-free in
      servers/slapd/back-mdb/search.c.
    - CVE-2017-9287

Date: 2020-11-20 18:53:13.844325+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.28-1.1ubuntu4.12