lp:ubuntu/dapper-updates/openldap2.2

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-updates/openldap2.2
Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

14. By Steve Beattie

* SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
  - servers/slapd/modrdn.c: check return for errors and clean up uninitialized data
  - servers/slapd/dn.c: return error on 0-length or binary RDNs
  - servers/slapd/schema_init.c: return error on invalid syntax
  - References
    CVE-2010-0211, CVE-2010-0212
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.7&r2=1.170.2.8
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/dn.c.diff?r1=1.182.2.15&r2=1.182.2.16
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema_init.c.diff?r1=1.386.2.39&r2=1.386.2.40

13. By Marc Deslauriers

* SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
  - libraries/libldap/tls.c: get the last CN and check for length match.
  - http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
  - CVE-2009-3767

12. By Kees Cook

* SECURITY UPDATE: denial of service via broken BER decoding.
* libraries/liblber/io.c: backported upstream fixes.
* References
  CVE-2008-2952
  http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0

11. By Jamie Strandboge

version bump for -proposed version conflict

10. By Jamie Strandboge

* SECURITY UPDATE: slapd crash when processing crafted modify requests
* debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list
  when normalization fails in servers/slapd/modify.c
* References
  CVE-2007-5707
  Fixes LP #163740

9. By Kees Cook

* SECURITY UPDATE: Denial of service possible with a crafted remote
  LDAP BIND request due to an assert failure.
* libraries/libldap/getdn.c: check for string end conditions, as done
  in upstream CVS.
* References
  http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
  CVE-2006-5779

8. By Martin Pitt

* SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
* servers/slurpd/st.c, St_read():
  - Do not sprintf arbitrarily long strings into fixed-size tbuf.
  - Patch ported from upstream CVS commit:
    http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
  - CVE-2006-2754

7. By Scott James Remnant (Canonical)

Create /var/run/slapd in the init script.

6. By Fabio Massimo Di Nitto

* Switch default config to use ssl-cert-snakeoil certificates.
* Add Depends on ssl-cert.

5. By Martin Pitt

Rebuild against openssl 0.9.8.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)