Summary: | <net-nds/openldap-2.4.49-r2: denial of service (slapd crash) via a member MODDN operation (CVE-2017-17740) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ldap-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openldap.org/its/index.cgi/Incoming?id=8759 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 719960 | ||
Bug Blocks: | | ||
Description
D'juan McDonald (domhnall)
2017-12-18 14:44:44 UTC
We have newer versions in stable already.

The vulnerability is still present.

@ maintainer(s): Please rev bump and don't build contrib module "nops" from "nops-overlay".

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=276da7075cf8a92fa965fda056817d68eeac7b40

commit 276da7075cf8a92fa965fda056817d68eeac7b40
Author:     Patrick McLean <chutzpah@gentoo.org>
AuthorDate: 2020-03-18 01:25:56 +0000
Commit:     Patrick McLean <chutzpah@gentoo.org>
CommitDate: 2020-03-18 01:33:48 +0000

    net-nds/openldap-2.4.49-r2: revbump, fix pkg_postinst, sec bug #641576

    pkg_postinst currently die()-s if /var/run/openldap doesn't exist, this
    breaks many cases (chroot build, first install etc). Also disable build
    of nops module for security bug #641576

    Bug: https://bugs.gentoo.org/641576
    Package-Manager: Portage-2.3.94, Repoman-2.3.21
    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

 net-nds/openldap/openldap-2.4.49-r2.ebuild | 903 +++++++++++++++++++++++++++++
 1 file changed, 903 insertions(+)

Thanks for that. @maintainer(s), please advise if you are ready for stabilisation or call for stabilisation yourself.

@maintainer(s): ping.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4bf2f1709bbb8b087c56a2e01ce735d0dac58c2b

commit 4bf2f1709bbb8b087c56a2e01ce735d0dac58c2b
Author:     Robin H. Johnson <robbat2@gentoo.org>
AuthorDate: 2020-05-02 23:12:26 +0000
Commit:     Robin H. Johnson <robbat2@gentoo.org>
CommitDate: 2020-05-02 23:12:26 +0000

    net-nds/openldap: bump for security CVE-2020-12243

    Also update mirrors to use HTTPS/HTTPS, because upstream's official
    download URL is a FTP site which seems to be broken.

    Bug: https://bugs.gentoo.org/641576
    Bug: https://bugs.gentoo.org/719960
    Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>

 net-nds/openldap/Manifest               |   1 +
 net-nds/openldap/openldap-2.4.50.ebuild | 907 ++++++++++++++++++++++++++++++++
 2 files changed, 908 insertions(+)

GLSA vote: no.