[ubuntu/xenial-security] openldap 2.4.42+dfsg-2ubuntu3.6 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 30 16:43:21 UTC 2019


openldap (2.4.42+dfsg-2ubuntu3.6) xenial-security; urgency=medium

  * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases
    - debian/patches/CVE-2019-13057-1.patch: add restriction to
      servers/slapd/saslauthz.c.
    - debian/patches/CVE-2019-13057-2.patch: add tests to
      tests/data/idassert.out, tests/data/slapd-idassert.conf,
      tests/data/test-idassert1.ldif, tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-3.patch: fix typo in
      tests/scripts/test028-idassert.
    - debian/patches/CVE-2019-13057-4.patch: fix typo in
      tests/scripts/test028-idassert.
    - CVE-2019-13057
  * SECURITY UPDATE: SASL SSF not initialized per connection
    - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in
      connection_init in servers/slapd/connection.c.
    - CVE-2019-13565

openldap (2.4.42+dfsg-2ubuntu3.5) xenial; urgency=medium

  * Fix sysv-generator unit file by customizing parameters (LP: #1821343)
    - d/slapd-remain-after-exit.conf: Override RemainAfterExit to allow
      correct systemctl status for slapd daemon.
    - d/slapd.install: place override file in correct location.

openldap (2.4.42+dfsg-2ubuntu3.4) xenial; urgency=medium

  * d/apparmor-profile: update apparmor profile to allow reading of
    files needed when slapd is behaving as a kerberos/gssapi client
    and acquiring its own ticket. (LP: #1783183)

openldap (2.4.42+dfsg-2ubuntu3.3) xenial; urgency=medium

  [ Ryan Tandy ]
  * d/p/ITS-8648-check-result-of-ldap_int_initialize-in-ldap.patch,
    d/p/ITS-8648-init-SASL-library-in-global-init.patch: Import upstream
    patches to fix memory corruption caused by calling sasl_client_init()
    multiple times and possibly concurrently.  (ITS#8648) (LP: #1688575)

Date: 2019-07-29 18:22:13.397162+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.6