Format: 1.8 Date: Fri, 26 Jul 2019 13:28:04 -0400 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: arm64 arm64_translations Version: 2.4.42+dfsg-2ubuntu3.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Changes: openldap (2.4.42+dfsg-2ubuntu3.6) xenial-security; urgency=medium . * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases - debian/patches/CVE-2019-13057-1.patch: add restriction to servers/slapd/saslauthz.c. - debian/patches/CVE-2019-13057-2.patch: add tests to tests/data/idassert.out, tests/data/slapd-idassert.conf, tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. - debian/patches/CVE-2019-13057-3.patch: fix typo in tests/scripts/test028-idassert. - debian/patches/CVE-2019-13057-4.patch: fix typo in tests/scripts/test028-idassert. - CVE-2019-13057 * SECURITY UPDATE: SASL SSF not initialized per connection - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in connection_init in servers/slapd/connection.c. - CVE-2019-13565 Checksums-Sha1: 2e795acbd013dba2e8aba55eb1eb960fc3024ada 934 ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 6bfc9398fdc54be16aa6d59febeca4585cfc92f4 107310 ldap-utils_2.4.42+dfsg-2ubuntu3.6_arm64.deb 87db95a685c6f49765b043e219be68675d85250b 424048 libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb e95723a8faad4c8d9e07532b8f204833d6b063f3 886 libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 800386a0ddc5cdcf9e608c508f4051cda0c4b8aa 134508 libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_arm64.deb 33e912d8997005e3466da1d0aa00d9601cf975fa 916 libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb ee1cd14b0380fdb4e91573533f7700244e4519bd 243880 libldap2-dev_2.4.42+dfsg-2ubuntu3.6_arm64.deb b8c83c150d847f3d9aad1eeb9bde86694bd21c58 56504 openldap_2.4.42+dfsg-2ubuntu3.6_arm64_translations.tar.gz f1c5573d5fc48b4937f878bf3ec10b57b1c7cd0c 5512340 slapd-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb 7ec5c18beb2a417a3e6b4e223696463c785fe754 894 slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb ba2c0289dcd1bc9cb3e097a3cdbb41d1e4838c3a 950 slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb e6fd8e150c2f2eb6b90b968bd7ae7e78bfb24181 17564 slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_arm64.deb 8bedac1d380f2c26d42002af1130745c891dcf08 1197118 slapd_2.4.42+dfsg-2ubuntu3.6_arm64.deb Checksums-Sha256: e598fb13ca470ee8a579f42447c7007c9944d4ff87ebfa39187601f64b7c435d 934 ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 0bc4bbc185aaed833c68cf33bc8ad16982f94d99dc36ddb18909db402b134e9a 107310 ldap-utils_2.4.42+dfsg-2ubuntu3.6_arm64.deb 2842b2ccee2cb033251e979a257fd66a904060ce06d76bf75791a57681e4d9b2 424048 libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb 11f938e0519d244ecffa8351d1f5e0e58ecdd9bed4453c48f04f83a1ec0628bb 886 libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 16bfaf82766a5bdeff4e721dd6431ffc9567e90c9a296d24132769150125396e 134508 libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_arm64.deb 3821bc3af39dd9362013b5b91fd696cc65a014cf020c9bdd21b898b5575f6aa9 916 libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb da3523ec175b0b5a8fef903903988390ef88d3b14ea25c965e9176b50755d106 243880 libldap2-dev_2.4.42+dfsg-2ubuntu3.6_arm64.deb 16213ca80a4316ed980268b68e0d44d82225d6218c2dcabf67077749204a5f89 56504 openldap_2.4.42+dfsg-2ubuntu3.6_arm64_translations.tar.gz 4a6a69b6856bb58e18f0d4a9c4e0bacb9429f8e7293bc8b65d8d186bd88f9c69 5512340 slapd-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb b80cd1aa820ced23e9810b3422e6618dd1d1685faf5ebc5ee0db6d48fdebbd88 894 slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 4b9618e972ef149a320bfbacbd7ec29af90bb0ab13f9a96896e784f14a954797 950 slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 4fb2377935a38727e546c4690881f714a3cd37632bd5102e71a47a11854b7ed7 17564 slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_arm64.deb c7a0e5f74866721650a8b144d0f71dbf16822681817fe56a155b9f34ba7085c8 1197118 slapd_2.4.42+dfsg-2ubuntu3.6_arm64.deb Files: c2cad53509f5d2574060d1eb4f69ddff 934 net extra ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb d6a9c66eadee6ee096496efadc877272 107310 net optional ldap-utils_2.4.42+dfsg-2ubuntu3.6_arm64.deb 1db831695b8929fe7ba673488c8132de 424048 debug extra libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb 5391c6d817b884b4250ccf368343ca47 886 libs extra libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 99575065f58835edfa2acd2240c8e952 134508 libs standard libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_arm64.deb 528ea06e1d01b2aaff53857677bf4e6b 916 libdevel extra libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 543b3d1d7552ebc8317785113a7f811f 243880 libdevel extra libldap2-dev_2.4.42+dfsg-2ubuntu3.6_arm64.deb 40861ae59e7ab55373a55f921b423261 56504 raw-translations - openldap_2.4.42+dfsg-2ubuntu3.6_arm64_translations.tar.gz 75fef0f0add328cfa6691b1739f06028 5512340 debug extra slapd-dbg_2.4.42+dfsg-2ubuntu3.6_arm64.deb 6b616422dbd8774433d86c1e3bfdcb63 894 net extra slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 66540689197ffe72741aac73e2da8dbe 950 net extra slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_arm64.ddeb 2379e3694ee456c93d053dc825eef593 17564 net extra slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_arm64.deb 6fb50e6a7f366f6a1f93c7481a8d9a11 1197118 net optional slapd_2.4.42+dfsg-2ubuntu3.6_arm64.deb Original-Maintainer: Debian OpenLDAP Maintainers