diff -u openldap-2.4.28/debian/slapd.init.ldif openldap-2.4.28/debian/slapd.init.ldif
--- openldap-2.4.28/debian/slapd.init.ldif
+++ openldap-2.4.28/debian/slapd.init.ldif
@@ -78,7 +78,6 @@
 by * none
 olcAccess: to dn.base="" by * read
 olcAccess: to *
- by self write
 by dn="cn=admin,@SUFFIX@" write
 by * read
diff -u openldap-2.4.28/debian/changelog openldap-2.4.28/debian/changelog
--- openldap-2.4.28/debian/changelog
+++ openldap-2.4.28/debian/changelog
@@ -1,3 +1,16 @@
+openldap (2.4.28-1.1ubuntu4.6) precise-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service via crafted BER data
+ - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
+ libraries/liblber/io.c.
+ - CVE-2015-6908
+ * SECURITY UPDATE: user impersonation via incorrect default permissions
+ - debian/slapd.init.ldif: disallow modifying one's own entry by
+ default.
+ - CVE-2014-9713
+
+ -- Marc Deslauriers Mon, 14 Sep 2015 10:37:35 -0400
+
+
 openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium
 * SECURITY UPDATE: denial of service via an LDAP search query
diff -u openldap-2.4.28/debian/patches/series openldap-2.4.28/debian/patches/series
--- openldap-2.4.28/debian/patches/series
+++ openldap-2.4.28/debian/patches/series
@@ -31,0 +32 @@
+CVE-2015-6908.patch
only in patch2:
unchanged:
--- openldap-2.4.28.orig/debian/patches/CVE-2015-6908.patch
+++ openldap-2.4.28/debian/patches/CVE-2015-6908.patch
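Review bot: Existing directories are not covered by the debian/slapd.init.ldif change: dropping `by self write` from the `olcAccess: to *` rule edits only the template, so databases already initialised from the old template presumably keep a rule that lets an authenticated user modify their own entry. Nothing in this debdiff touches a maintainer script or adds a NEWS entry, so the changelog item for CVE-2014-9713 should state that existing installations need a manual review of their `olcAccess` rules. A short comment above the rule would also record the intent, e.g. `# No "by self write" here: users must not modify their own entry by default (CVE-2014-9713)`.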
@@ -0,0 +1,25 @@
+From 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 Mon Sep 17 00:00:00 2001
+From: Howard Chu
+Date: Thu, 10 Sep 2015 00:37:32 +0100
+Subject: [PATCH] ITS#8240 remove obsolete assert
+
+---
+ libraries/liblber/io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ return (ber->ber_tag);
+ }
+
+- assert( 0 ); /* ber structure is messed up ?*/
++ /* invalid input */
+ return LBER_DEFAULT;
+ }
+
+--
+1.7.10.4
+
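Review bot: The fall-through at the end of this function in libraries/liblber/io.c now returns `LBER_DEFAULT` for malformed input without recording why, so a caller that inspects `errno` after the failure could see a stale value and may be unable to tell a hard decode error from a retryable short read. If the function reports errors through `errno` (its body starts above the hunk, so this cannot be confirmed from here), set it explicitly before the return, e.g. `errno = EINVAL; /* invalid input */`. The replacement comment would also be more useful if it named the state that reaches this point, since the removed assert at least said the ber structure was inconsistent.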