diff -Nru openldap-2.4.45+dfsg/debian/changelog openldap-2.4.45+dfsg/debian/changelog --- openldap-2.4.45+dfsg/debian/changelog 2020-11-04 14:44:26.000000000 +0000 +++ openldap-2.4.45+dfsg/debian/changelog 2020-11-16 13:40:57.000000000 +0000 @@ -1,3 +1,18 @@ +openldap (2.4.45+dfsg-1ubuntu1.8) bionic-security; urgency=medium + + * SECURITY UPDATE: assertion failure in Certificate List syntax + validation + - debian/patches/CVE-2020-25709.patch: properly handle error in + servers/slapd/schema_init.c. + - CVE-2020-25709 + * SECURITY UPDATE: assertion failure in CSN normalization with invalid + input + - debian/patches/CVE-2020-25710.patch: properly handle error in + servers/slapd/schema_init.c. + - CVE-2020-25710 + + -- Marc Deslauriers Mon, 16 Nov 2020 08:40:57 -0500 + openldap (2.4.45+dfsg-1ubuntu1.7) bionic-security; urgency=medium * SECURITY UPDATE: DoS via NULL pointer dereference diff -Nru openldap-2.4.45+dfsg/debian/patches/CVE-2020-25709.patch openldap-2.4.45+dfsg/debian/patches/CVE-2020-25709.patch --- openldap-2.4.45+dfsg/debian/patches/CVE-2020-25709.patch 1970-01-01 00:00:00.000000000 +0000 +++ openldap-2.4.45+dfsg/debian/patches/CVE-2020-25709.patch 2020-11-16 13:40:46.000000000 +0000 @@ -0,0 +1,26 @@ +From 67670f4544e28fb09eb7319c39f404e1d3229e65 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 13:12:10 +0000 +Subject: [PATCH] ITS#9383 remove assert in certificateListValidate + +--- + servers/slapd/schema_init.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/servers/slapd/schema_init.c b/servers/slapd/schema_init.c +index ea0d67aa6..28f9e71a1 100644 +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -371,8 +371,7 @@ certificateListValidate( Syntax *syntax, struct berval *in ) + /* Optional version */ + if ( tag == LBER_INTEGER ) { + tag = ber_get_int( ber, &version ); +- assert( tag == LBER_INTEGER ); +- if ( version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; ++ if ( tag != LBER_INTEGER || version != SLAP_X509_V2 ) return LDAP_INVALID_SYNTAX; + } + tag = ber_skip_tag( ber, &len ); /* Signature Algorithm */ + if ( tag != LBER_SEQUENCE ) return LDAP_INVALID_SYNTAX; +-- +GitLab + diff -Nru openldap-2.4.45+dfsg/debian/patches/CVE-2020-25710.patch openldap-2.4.45+dfsg/debian/patches/CVE-2020-25710.patch --- openldap-2.4.45+dfsg/debian/patches/CVE-2020-25710.patch 1970-01-01 00:00:00.000000000 +0000 +++ openldap-2.4.45+dfsg/debian/patches/CVE-2020-25710.patch 2020-11-16 13:40:55.000000000 +0000 @@ -0,0 +1,22 @@ +From bdb0d459187522a6063df13871b82ba8dcc6efe2 Mon Sep 17 00:00:00 2001 +From: Howard Chu +Date: Mon, 2 Nov 2020 16:01:14 +0000 +Subject: [PATCH] ITS#9384 remove assert in obsolete csnNormalize23() + +--- + servers/slapd/schema_init.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/servers/slapd/schema_init.c ++++ b/servers/slapd/schema_init.c +@@ -5315,8 +5315,8 @@ csnNormalize23( + } + *ptr = '\0'; + +- assert( ptr == &bv.bv_val[bv.bv_len] ); +- if ( csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { ++ if ( ptr != &bv.bv_val[bv.bv_len] || ++ csnValidate( syntax, &bv ) != LDAP_SUCCESS ) { + return LDAP_INVALID_SYNTAX; + } + diff -Nru openldap-2.4.45+dfsg/debian/patches/series openldap-2.4.45+dfsg/debian/patches/series --- openldap-2.4.45+dfsg/debian/patches/series 2020-11-04 14:44:21.000000000 +0000 +++ openldap-2.4.45+dfsg/debian/patches/series 2020-11-16 13:40:50.000000000 +0000 @@ -36,3 +36,5 @@ CVE-2020-12243.patch ITS-9171-Insert-callback-in-the-right-place.patch CVE-2020-25692.patch +CVE-2020-25709.patch +CVE-2020-25710.patch