Change log for openldap2.2 package in Ubuntu
openldap2.2 (2.2.26-5ubuntu2.10) dapper-security; urgency=low

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - servers/slapd/modrdn.c: check return for errors and clean up uninitialized data
    - servers/slapd/dn.c: return error on 0-length or binary RDNs
    - servers/slapd/schema_init.c: return error on invalid syntax
    - References
      CVE-2010-0211, CVE-2010-0212
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.7&r2=1.170.2.8
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/dn.c.diff?r1=1.182.2.15&r2=1.182.2.16
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema_init.c.diff?r1=1.386.2.39&r2=1.386.2.40

 -- Steve Beattie <email address hidden>  Thu, 29 Jul 2010 16:25:34 -0700
openldap2.2 (2.2.26-5ubuntu2.9) dapper-security; urgency=low

  * SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
    - libraries/libldap/tls.c: get the last CN and check for length match.
    - http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
    - CVE-2009-3767

 -- Marc Deslauriers <email address hidden>  Wed, 11 Nov 2009 11:53:46 -0500
openldap2.2 (2.2.26-5ubuntu2.8) dapper-security; urgency=high

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * libraries/liblber/io.c: backported upstream fixes.
  * References
    CVE-2008-2952
    http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0

 -- Kees Cook <email address hidden>  Thu, 31 Jul 2008 16:14:11 -0700
openldap2.2 (2.2.26-5ubuntu2.7) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in slapd/internal/adminpw to be empty. This fixes the issue with having an empty password in the ldap database. Fixes: LP #66925.

 -- Mathias Gug <email address hidden>  Mon, 5 May 2008 18:24:32 -0400
openldap2.2 (2.2.26-5ubuntu3.3) edgy-security; urgency=low

  * SECURITY UPDATE: slapd crash when using the bdb backend and processing crafted modify and modrdn requests
  * patch to back-bdb/add.c, back-bdb/ctxcsn.c, back-bdb/delete.c, back-bdb/modify.c, back-bdb/modrdn.c to properly check for NOOP option
  * References:
    CVE-2007-6698
    CVE-2008-0658
    LP: #197077

 -- Jamie Strandboge <email address hidden>  Tue, 04 Mar 2008 09:41:01 -0500
openldap2.2 (2.2.26-5ubuntu2.6) dapper-security; urgency=low

  * version bump for -proposed version conflict
Deleted in dapper-proposed (Reason: moved to -updates)
openldap2.2 (2.2.26-5ubuntu2.5) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in slapd/internal/adminpw to be empty. This fixes the issue with having an empty password in the ldap database. LP: #66925.

 -- Mathias Gug <email address hidden>  Fri, 18 Jan 2008 11:45:57 -0500
openldap2.2 (2.2.26-5ubuntu3.2) edgy-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list when normalization fails in servers/slapd/modify.c
  * References
    CVE-2007-5707
    Fixes LP #163740

 -- Jamie Strandboge <email address hidden>  Fri, 30 Nov 2007 16:16:38 -0500
openldap2.2 (2.2.26-5ubuntu2.4) dapper-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list when normalization fails in servers/slapd/modify.c
  * References
    CVE-2007-5707
    Fixes LP #163740

 -- Jamie Strandboge <email address hidden>  Fri, 30 Nov 2007 16:20:42 -0500
Superseded in dapper-proposed
openldap2.2 (2.2.26-5ubuntu2.3) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in slapd/internal/adminpw to be empty. This fixes the issue with having an empty password in the ldap database. Fixes: LP #66925.

 -- Mathias Gug <email address hidden>  Tue, 18 Sep 2007 17:19:35 -0400
openldap2.2 (2.2.26-5ubuntu3.1) edgy-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>  Sat, 11 Nov 2006 12:55:50 -0800
openldap2.2 (2.2.26-5ubuntu2.2) dapper-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>  Mon, 20 Nov 2006 13:37:35 -0800
Obsolete in breezy-security
openldap2.2 (2.2.26-3ubuntu0.2) breezy-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>  Mon, 20 Nov 2006 13:43:38 -0800
Deleted in feisty-release (Reason: (From Debian) RoQA; superseded by openldap2.3; RC-buggy (...)
Obsolete in edgy-release
openldap2.2 (2.2.26-5ubuntu3) edgy; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>  Mon, 26 Jun 2006 11:37:55 +0000
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.1) dapper-security; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>  Mon, 26 Jun 2006 11:37:55 +0000
Superseded in breezy-security
openldap2.2 (2.2.26-3ubuntu0.1) breezy-security; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>  Mon, 26 Jun 2006 12:04:39 +0000
openldap2.2 (2.2.26-5ubuntu2) dapper; urgency=low

  * Create /var/run/slapd in the init script.

 -- Scott James Remnant <email address hidden>  Tue, 11 Apr 2006 02:18:17 +0100
Superseded in dapper-release
openldap2.2 (2.2.26-5ubuntu1) dapper; urgency=low

  * Switch default config to use ssl-cert-snakeoil certificates.
  * Add Depends on ssl-cert.

 -- Fabio M. Di Nitto <email address hidden>  Mon, 13 Feb 2006 08:48:02 +0100
Superseded in dapper-release
openldap2.2 (2.2.26-5build1) dapper; urgency=low

  * Rebuild against openssl 0.9.8.

 -- Martin Pitt <email address hidden>  Mon, 30 Jan 2006 10:48:59 +0000
openldap2.2 (2.2.26-5) unstable; urgency=low

  Steve Langasek <email address hidden>:
  * debian/slapd.templates: Fix typo durin -> during; re-run debconf-updatepo, fixing up the fuzzies (closes: #319596).

  Torsten Landschoff <email address hidden>:
  * debian/control: Remove conflicts with ldap-server and ldap-client virtual packages in preparation for new OpenLDAP packages.
  * debian/slapd.scripts-common: Wipe the admin password from the debconf database after installation (closes: #260204).
  * Semi-automatic update of config.sub and config.guess.

 -- Torsten Landschoff <email address hidden>  Mon, 31 Oct 2005 09:06:46 +0100
openldap2.2 (2.2.26-3) unstable; urgency=low

  * [SECURITY] Applied the patch available at http://bugzilla.padl.com/show_bug.cgi?id=210 to force libldap to really use TLS when requested in /etc/ldap/ldap.conf (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2 source package so this is only to prepare unleashing the libraries of OpenLDAP 2.2 for unstable...

 -- Torsten Landschoff <email address hidden>  Sun, 3 Jul 2005 10:41:37 +0200