Format: 1.8 Date: Fri, 26 Jul 2019 13:28:04 -0400 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: i386 i386_translations Version: 2.4.42+dfsg-2ubuntu3.6 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Changes: openldap (2.4.42+dfsg-2ubuntu3.6) xenial-security; urgency=medium . * SECURITY UPDATE: rootDN proxyauthz not restricted to its own databases - debian/patches/CVE-2019-13057-1.patch: add restriction to servers/slapd/saslauthz.c. - debian/patches/CVE-2019-13057-2.patch: add tests to tests/data/idassert.out, tests/data/slapd-idassert.conf, tests/data/test-idassert1.ldif, tests/scripts/test028-idassert. - debian/patches/CVE-2019-13057-3.patch: fix typo in tests/scripts/test028-idassert. - debian/patches/CVE-2019-13057-4.patch: fix typo in tests/scripts/test028-idassert. - CVE-2019-13057 * SECURITY UPDATE: SASL SSF not initialized per connection - debian/patches/CVE-2019-13565.patch: zero out sasl_ssf in connection_init in servers/slapd/connection.c. - CVE-2019-13565 Checksums-Sha1: 521d37286df0de3522a4c60162776687751e5614 934 ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 1793881777f1c8dc03d7ae77afc572f44fe0cd82 120456 ldap-utils_2.4.42+dfsg-2ubuntu3.6_i386.deb 81601d9e2a52f1eac947746e2a05f85896f8869b 339404 libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb 637d0ee0f8e66973ec01fafdde49036d81f8c8a4 884 libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 226d33ced15e90ddf3aeebd8adfd353aaee34ef5 172400 libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_i386.deb 14142584a69d191938aaa0e4889beb8bf9931bef 918 libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 51c2c49003c5dc22aeb4464484ed7bdf682cd79e 279058 libldap2-dev_2.4.42+dfsg-2ubuntu3.6_i386.deb 543a8e56d0999b09e6116e63739bf56e21dcc298 55930 openldap_2.4.42+dfsg-2ubuntu3.6_i386_translations.tar.gz 32e25903bd11ebfb6dd7a8e219463b352bfc7285 5007782 slapd-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb 8e1ac786f1de5521b93c4ccdf80718201cc28a11 896 slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb aeff58638956d15de64c465ff3a2ae1cbbc83452 948 slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 0dd5bec284d19f5eadb59cb6756d7e081c6649d2 18600 slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_i386.deb f60ac7887460c5bc0bd12646d6083dcc287b872c 1445696 slapd_2.4.42+dfsg-2ubuntu3.6_i386.deb Checksums-Sha256: d1d03f17d59d2410e1d5ccb707501b30c2004bfdfeb3fbb95f82b00e5f5a84a2 934 ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 226f927dbff6cfbbba5482f6bb7299354683a601429dc97d87ef53fcc99b1151 120456 ldap-utils_2.4.42+dfsg-2ubuntu3.6_i386.deb d7db0cb65a7e52d457ff0a594c67e2c3a02a2c22c4ced991a231e0e1e14f48a8 339404 libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb 4b97b59310fd14e75383547b930567f090c61500899e6b02e7deff6df5302497 884 libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 123e6e920bc15db03adf5485ae654b1b61fa1f34a33a34d1674bc46ebdb2cf47 172400 libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_i386.deb 5e5f99d4d36efbcba95c4426663e960c261adce37102ce67253596c8869b5003 918 libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 2836990bfa1a4cff6fe91ab5fd78f10e17e82ef74c4496170f38d4254bd2130f 279058 libldap2-dev_2.4.42+dfsg-2ubuntu3.6_i386.deb 0d2c2d9aa9bbcd33a3bf870e1a980ade1134fc823d6d0cf3a021566959e5a6be 55930 openldap_2.4.42+dfsg-2ubuntu3.6_i386_translations.tar.gz cf61adb027e58466ee60e7898d4dff7c0a98ef2bce17dcc921b4d7c1f2ca81b3 5007782 slapd-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb a931352b64e9339390c0402c09e97d9a3674fe5d58b61741a4520355a8579cf4 896 slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 9428e274243f12d214c2e0c6123f5366268ab2cec9b7018e5999872a57035e51 948 slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb c82274ff834abcc183bf298cbeadd07c6f8c3d94399a5b1f05e1a5ec4a61ae5e 18600 slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_i386.deb 747f9ec8bb155e4b881b745b5a2505fde661db3dd1b04521bff6c1a3e4dbd420 1445696 slapd_2.4.42+dfsg-2ubuntu3.6_i386.deb Files: 4ebe89eec0a331d074adc06a3ae94aa1 934 net extra ldap-utils-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 5f371531c56865b10ca0d56f4257b5ec 120456 net optional ldap-utils_2.4.42+dfsg-2ubuntu3.6_i386.deb 289f40f2d8ef3e695a9dd3e1af7f9073 339404 debug extra libldap-2.4-2-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb ef013fdff12ca199537d42df0c00f203 884 libs extra libldap-2.4-2-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 3bf60da6ef12d3d5d6fad9e431c7de43 172400 libs standard libldap-2.4-2_2.4.42+dfsg-2ubuntu3.6_i386.deb 102e3f57604ae68235ed0a6bd133a662 918 libdevel extra libldap2-dev-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 469c14e9519fd8156336769bad43f8f3 279058 libdevel extra libldap2-dev_2.4.42+dfsg-2ubuntu3.6_i386.deb 76e2b76eb7f8fc2916bc1f30bf866cc7 55930 raw-translations - openldap_2.4.42+dfsg-2ubuntu3.6_i386_translations.tar.gz 7f26571bf7087dc4df98fbe5c560a00f 5007782 debug extra slapd-dbg_2.4.42+dfsg-2ubuntu3.6_i386.deb 66e1549c38faaeb99969803c263f24bd 896 net extra slapd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb b5222e18ab1d676fc2d90860112d8221 948 net extra slapd-smbk5pwd-dbgsym_2.4.42+dfsg-2ubuntu3.6_i386.ddeb 6feaadec5a7a0c661e4e8d083d0b5dcd 18600 net extra slapd-smbk5pwd_2.4.42+dfsg-2ubuntu3.6_i386.deb f731b09caf536f6c1fa131c7257907de 1445696 net optional slapd_2.4.42+dfsg-2ubuntu3.6_i386.deb Original-Maintainer: Debian OpenLDAP Maintainers