213823 – <app-emulation/emul-linux-x86-baselibs-20080316; <net-nds/openldap-2.3.41 crash, authenticated user, MODRDN operation (CVE-2008-0658)

Bug 213823 - <app-emulation/emul-linux-x86-baselibs-20080316; <net-nds/openldap-2.3.41 crash, authenticated user, MODRDN operation (CVE-2008-0658)

Summary: <app-emulation/emul-linux-x86-baselibs-20080316; <net-nds/openldap-2.3.41 cra...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://www.openldap.org/its/index.cgi...
Whiteboard:	B3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-03-18 12:41 UTC by Matt Fleming (RETIRED)
Modified:	2014-05-19 01:27 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matt Fleming (RETIRED) gentoo-dev

2008-03-18 12:41:37 UTC

emul-linux-x86-baselibs contains a vulnerable version of openldap (CVE-2008-0658).

See, https://bugs.gentoo.org/show_bug.cgi?id=209677

net-nds/openldap-2.3.41 contains the fix.

Comment 1 Matt Fleming (RETIRED) gentoo-dev

2008-03-20 10:54:34 UTC

Latest baselibs fixes:

glib-2.14.3:    bug 209293, GLSA 200803-24
libpcre-7.4:    bug 209067, GLSA 200803-24
libxml2-2.6.30: bug 202628, GLSA 200801-20
openldap-2.3.41: bug 209677, GLSA 200803-28
cups-1.12.12-r4: bug 211449, bug 212364
dbus-1.0.2-r2: bug 211451

Comment 2 Markus Meier gentoo-dev

2008-03-20 22:24:48 UTC

amd64 stable (last arch)

Comment 3 Peter Volkov (RETIRED) gentoo-dev

2008-03-21 06:08:37 UTC

Fixed in release snapshot too.

Comment 4 Robin Johnson archtester

2008-10-14 10:27:50 UTC

security: why is this bug still open?

Comment 5 Christian Hoffmann (RETIRED) gentoo-dev

2008-10-14 15:04:08 UTC

This probably warrants a GLSA, as multiple GLSA-worthy security issues are fixed for 64bit users by this update.

Comment 6 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2009-01-11 17:26:08 UTC

This is a B3 bug (see 209677). So a GLSA is not mandatory, and i close that bug due to no activity within a long period of time after having bumped the ebuild.
Reopen if you disagree.

Comment 7 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2009-01-11 18:07:51 UTC

Sorry, in fact this will be a common glsa with bug 196865

Comment 8 Sean Amoss (RETIRED) gentoo-dev

2014-05-19 01:27:00 UTC

Bug was fixed > 4 years ago and is rated B3. This will not get a GLSA. 

Closing.