Per the Red Hat bug at $URL:
"A bug in slapd's UTF8StringNormalize() function can cause a one-byte buffer
overflow when it is passed a zero-length string. The code then writes a '\0'
past the one-byte long buffer allocated on the heap, which could possibly allow
a remote authenticated user to crash slapd. As per the upstream report ,
this bug has been present since 2003-04-07 ...
A patch to correct the flaw has been committed  (depends on the previous
Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and
earlier allows remote attackers to cause a denial of service (slapd crash)
via a zero-length string that triggers a heap-based buffer overflow, as
demonstrated using an empty postalAddressAttribute value.
Fixed in 2.4.27, from changelog:
Fixed slapd schema UTF8StringNormalize with 0 length values.
P.S. is also out 2.4.28
*** Bug 392427 has been marked as a duplicate of this bug. ***
2.4.28 has been in-tree since 2012/02/02.
However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old stuff).
(In reply to comment #4)
> 2.4.28 has been in-tree since 2012/02/02.
> However, I was going to ask for stablereq on 2.4.28-r1 in a week if there are
> no problems reported (it has a LOT of other fixes in it, 15 bugs worth of old
Robin, shall we stabilize =net-nds/openldap-2.4.28-r1 now? Thanks.
Just waiting for a resolution on bug 404555 regarding the automake changes in the new OpenLDAP, then we can go for stable.
Arches, please test and stable.
FEATURES=test should work, but if it doesn't open a bug and I'll review the output.
alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86
Stable for HPPA.
Thanks, everyone. GLSA Vote: yes.
Vote: yes, too. Added to existing GLSA request.
This issue was resolved and addressed in
GLSA 201406-36 at http://security.gentoo.org/glsa/glsa-201406-36.xml
by GLSA coordinator Yury German (BlueKnight).