Per the Red Hat bug at $URL: "A bug in slapd's UTF8StringNormalize() function can cause a one-byte buffer overflow when it is passed a zero-length string. The code then writes a '\0' past the one-byte long buffer allocated on the heap, which could possibly allow a remote authenticated user to crash slapd. As per the upstream report [1], this bug has been present since 2003-04-07 [2]... A patch to correct the flaw has been committed [3] (depends on the previous patch [4])." [1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059 [2] http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=67d6b23d [3] http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9 [4] http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=d0dd8616f1c68a868afeb8c2c5c09969e366e2c0
CVE-2011-4079 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4079): Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value.
Fixed in 2.4.27, from changelog: Fixed slapd schema UTF8StringNormalize with 0 length values. P.S. is also out 2.4.28
*** Bug 392427 has been marked as a duplicate of this bug. ***
2.4.28 has been in-tree since 2012/02/02. However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old stuff).
(In reply to comment #4) > 2.4.28 has been in-tree since 2012/02/02. > However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are > no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old > stuff). Robin, shall we stabilize =net-nds/openldap-2.4.28-r1 now? Thanks.
Just waiting for a resolution on bug 404555 regarding the automake changes in the new OpenLDAP, then we can go for stable.
Arches, please test and stable. FEATURES=test should work, but if it doesn't open a bug and I'll review the output. target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
amd64 stable
Stable for HPPA.
x86 stable
alpha/arm/ia64/s390/sh/sparc stable
ppc done
arm stable
ppc64 done
Thanks, everyone. GLSA Vote: yes.
Vote: yes, too. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201406-36 at http://security.gentoo.org/glsa/glsa-201406-36.xml by GLSA coordinator Yury German (BlueKnight).
