Summary: | <=net-nds/openldap-2.4.36 : segfault on certain queries with rwm overlay (CVE-2013-4449) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ldap-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1019490 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2013-10-17 07:37:14 UTC
Redhat issue states it was fixed and pushed in openldap-2.4.39-2 Available upstream CVE-2013-4449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4449): The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. Maintainers, this security issue has been around since Feb 2014. Can we please bump to a non vulnerable version. Ping for update, do we have an ebuild with non-vulnerable version? The CVE states the vulnerable version in <=2.4.36. 2.4.38 was added 2013/12/13, and 2.4.38-r2 is already stable on everything except s390 and sh; Thank you for the update. So the only thing left is the Cleanup of 2.4.35*. Maintainer(s), please drop the vulnerable version(s). GLSA Vote: No GLSA vote: no, too. Maintainer(s): Ping on cleanup! InCVS. |