Summary: | <net-nds/openldap-2.4.43: ber_get_next denial of service vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ldap-bugs |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1262393 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =net-nds/openldap-2.4.44 |
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 539044 |
Description
Agostino Sarubbo
Does version 2.4.44 contain the fix for this vulnerability? If it does, we can stabilize it for both this bug and 539044.

This was fixed in =net-nds/openldap-2.4.43.

From http://www.openldap.org/software/release/changes.html:

> OpenLDAP 2.4.43 Release (2015/11/30)
> Fixed liblber remove obsolete assert (ITS#8240, ITS#8301)
> [...]

@ Arches, please test and mark stable:
=net-nds/openldap-2.4.44
Stable target(s): alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

x86 stable

Stable on alpha.

sparc stable

arm stable

ppc stable

Stable for HPPA.

ia64 stable

ppc64 stable.

Maintainer(s), please cleanup.
Security, please vote.

Tree is clean and the security mask remains for 2.3.x versions per maintainers feedback.

(In reply to Aaron Bauman from comment #13)
> Tree is clean and the security mask remains for 2.3.x versions per
> maintainers feedback.

Please revert back openldap-2.4.15-ppolicy.patch ASAP. It is in use by the stable version.

https://bugs.gentoo.org/show_bug.cgi?id=607560

(In reply to Anton Bolshakov from comment #14)
> (In reply to Aaron Bauman from comment #13)
> > Tree is clean and the security mask remains for 2.3.x versions per
> > maintainers feedback.
>
> please revert back openldap-2.4.15-ppolicy.patch ASAP. It is in use by the
> stable version.
>
> https://bugs.gentoo.org/show_bug.cgi?id=607560

Reverted. Thanks.

Can we please update the patch set and drop the vulnerable versions?

(In reply to Yury German from comment #16)
> Can we please update the patch set and drop the vulnerable versions?

The patch set is good. The reversion was for one that is needed.

@maintainer, can we drop 2.3.x yet?