From ${URL} : It was discovered that OpenLDAP, with the rwm overlay to slapd, could segfault if a user were able to query the directory and immediately unbind from the server. This seems to be due to the rwm overlay not doing reference counting properly, so rwm_conn_destroy frees the session context while rwm_op_search is using it. This condition also seems to require multiple cores/CPUs to trigger. This was also reported upstream [1] and is currently unfixed. [1] http://www.openldap.org/its/index.cgi/Incoming?id=7723
Red Hat issue states it was fixed and pushed in openldap-2.4.39-2. Available upstream.
CVE-2013-4449 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4449): The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
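The lifetime rule the CVE description says was missing, shown as an added example (not OpenLDAP code and not part of this thread): the connection and each in-flight operation hold their own reference, and only the last release frees the context. All type and function names here are hypothetical.

```c
#include <stdatomic.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-connection session context. */
typedef struct session_ctx {
    atomic_int refs;   /* 1 for the connection + 1 per in-flight operation */
    int state;         /* placeholder for per-session data */
} session_ctx;

static atomic_int total_frees; /* demo bookkeeping: how many times free() ran */

session_ctx *ctx_new(void) {
    session_ctx *c = calloc(1, sizeof *c);
    if (c) atomic_init(&c->refs, 1);     /* the connection owns the first ref */
    return c;
}

/* Caller must already hold a ref or the connection lock, so c is known live. */
void ctx_get(session_ctx *c) { atomic_fetch_add(&c->refs, 1); }

/* Drop one ref; only the holder of the last ref frees. Returns 1 if freed. */
int ctx_put(session_ctx *c) {
    if (atomic_fetch_sub(&c->refs, 1) != 1) return 0;
    free(c);
    atomic_fetch_add(&total_frees, 1);
    return 1;
}

/* Replays the reported ordering: search starts, client unbinds, search ends.
 * Returns 1 if the context stayed valid for the search and was freed once. */
int unbind_during_search(void) {
    session_ctx *c = ctx_new();
    if (!c) return -1;
    ctx_get(c);                          /* search operation pins the context */
    int freed_by_unbind = ctx_put(c);    /* connection teardown drops its ref */
    c->state = 42;                       /* search still uses it: safe, ref held */
    int usable = (c->state == 42);
    int freed_by_search = ctx_put(c);    /* last ref released, freed here */
    return usable && !freed_by_unbind && freed_by_search;
}

int main(void) {
    int ok = unbind_during_search();
    printf("safe teardown: %d, frees: %d\n", ok, atomic_load(&total_frees));
    return 0;
}
```

Atomic counters are used because the report notes the crash needs multiple cores: the decrement that decides who frees must be a single indivisible step.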
Maintainers, this security issue has been around since Feb 2014. Can we please bump to a non-vulnerable version?
Ping for update, do we have an ebuild with a non-vulnerable version?
The CVE states the vulnerable version is <=2.4.36. 2.4.38 was added 2013/12/13, and 2.4.38-r2 is already stable on everything except s390 and sh;
Thank you for the update. So the only thing left is the cleanup of 2.4.35*. Maintainer(s), please drop the vulnerable version(s). GLSA Vote: No
GLSA vote: no, too.
Maintainer(s): Ping on cleanup!
InCVS.