lp:ubuntu/dapper-updates/openldap2.2
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/openldap2.2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 14. By Steve Beattie

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - servers/slapd/modrdn.c: check return for errors and clean up uninitialized data
    - servers/slapd/dn.c: return error on 0-length or binary RDNs
    - servers/slapd/schema_init.c: return error on invalid syntax
  * References
    CVE-2010-0211, CVE-2010-0212
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.7&r2=1.170.2.8
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/dn.c.diff?r1=1.182.2.15&r2=1.182.2.16
    http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema_init.c.diff?r1=1.386.2.39&r2=1.386.2.40

- 13. By Marc Deslauriers

  * SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
    - libraries/libldap/tls.c: get the last CN and check for length match.
    - http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
    - CVE-2009-3767

- 12. By Kees Cook

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * libraries/liblber/io.c: backported upstream fixes.
  * References
    CVE-2008-2952
    http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0

- 10. By Jamie Strandboge

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list
    when normalization fails in servers/slapd/modify.c
  * References
    CVE-2007-5707
    Fixes LP #163740

- 9. By Kees Cook

  * SECURITY UPDATE: Denial of service possible with a crafted remote
    LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done
    in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

- 8. By Martin Pitt

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

- 6. By Fabio Massimo Di Nitto

  * Switch default config to use ssl-cert-snakeoil certificates.
  * Add Depends on ssl-cert.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)