Bug#448644: marked as done (CVE-2007-5708 remote denial of service)

2007-11-18 Thread Debian Bug Tracking System
Your message dated Sun, 18 Nov 2007 10:47:18 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#448644: fixed in openldap2.3 2.3.38-1+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: slapd
Version: 2.3.38
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for slapd.

CVE-2007-5708[0]:
Name: CVE-2007-5708
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708
Reference: MISC:http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5163
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440632
Reference: MLIST:[openldap-announce] 20071026 OpenLDAP 2.3.39 available
Reference: URL:http://www.openldap.org/lists/openldap-announce/200710/msg1.html
Reference: BID:26245
Reference: URL:http://www.securityfocus.com/bid/26245
Reference: FRSIRT:ADV-2007-3645
Reference: URL:http://www.frsirt.com/english/advisories/2007/3645
Reference: SECUNIA:27424
Reference: URL:http://secunia.com/advisories/27424

slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39,
when running as a proxy-caching server, allocates memory using a
malloc variant instead of calloc, which prevents an array from being
initialized properly and might allow attackers to cause a denial of
service (segmentation fault) via unknown vectors that prevent the
array from being null terminated.

This information is not yet on the mitre site but it seems to be public.
A fix for this can be found on:
http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/overlays/pcache.c.diff?r1=1.41.2.20&r2=1.41.2.21&hideattic=1&sortbydate=0

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


--- End Message ---
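
The failure mode described in the CVE text above, as an added illustration (not OpenLDAP's pcache.c and not part of the original mail): code that relies on unused slots of a pointer array being NULL loses its terminator when the allocator does not zero memory. The helper names (`dirty_alloc`, `build_list`, `terminated_len`, `demo`) and the sample attribute names are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a malloc variant handing back recycled heap memory: the
 * contents are whatever was there before (poisoned here with 0xAA so the
 * outcome is deterministic). Hypothetical helper for this example. */
static void *dirty_alloc(size_t n, size_t size) {
    void *p = malloc(n * size);
    if (p) memset(p, 0xAA, n * size);
    return p;
}

/* Allocate n+1 slots and store only the non-empty names. The code never
 * writes the terminator itself; it relies on unused slots being NULL. */
static const char **build_list(void *(*alloc)(size_t, size_t),
                               const char **names, size_t n) {
    const char **out = alloc(n + 1, sizeof *out);
    size_t used = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++)
        if (names[i][0] != '\0') out[used++] = names[i];
    return out;
}

/* Bounded walk: number of entries before the NULL terminator, or -1 if no
 * terminator exists inside the allocation. An unbounded "until NULL" loop
 * would run past the end of the array in the -1 case. */
static long terminated_len(const char **list, size_t slots) {
    for (size_t i = 0; i < slots; i++)
        if (list[i] == NULL) return (long)i;
    return -1;
}

/* Constructed sample input: three names, one empty and therefore skipped. */
static long demo(void *(*alloc)(size_t, size_t)) {
    const char *names[] = { "cn", "", "mail" };
    const char **list = build_list(alloc, names, 3);
    long len = list ? terminated_len(list, 4) : -2;
    free(list);
    return len;
}

int main(void) {
    printf("malloc-style: %ld\n", demo(dirty_alloc)); /* no terminator */
    printf("calloc:       %ld\n", demo(calloc));      /* terminated    */
    return 0;
}
```

Writing the terminator explicitly (`out[used] = NULL;`) removes the dependency on the allocator; switching to calloc, as the changelog entry for this bug describes, fixes it at the allocation site instead.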
--- Begin Message ---
Source: openldap2.3
Source-Version: 2.3.38-1+lenny1

We believe that the bug you reported is fixed in the latest version of
openldap2.3, which is due to be installed in the Debian FTP archive:

ldap-utils_2.3.38-1+lenny1_i386.deb
  to pool/main/o/openldap2.3/ldap-utils_2.3.38-1+lenny1_i386.deb
libldap-2.3-0-dbg_2.3.38-1+lenny1_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0-dbg_2.3.38-1+lenny1_i386.deb
libldap-2.3-0_2.3.38-1+lenny1_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0_2.3.38-1+lenny1_i386.deb
openldap2.3_2.3.38-1+lenny1.diff.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.38-1+lenny1.diff.gz
openldap2.3_2.3.38-1+lenny1.dsc
  to pool/main/o/openldap2.3/openldap2.3_2.3.38-1+lenny1.dsc
slapd-dbg_2.3.38-1+lenny1_i386.deb
  to pool/main/o/openldap2.3/slapd-dbg_2.3.38-1+lenny1_i386.deb
slapd_2.3.38-1+lenny1_i386.deb
  to pool/main/o/openldap2.3/slapd_2.3.38-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated openldap2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 04 Nov 2007 13:42:20 +0100
Source: openldap2.3
Binary: slapd ldap-utils libldap-2.3-0-dbg libldap-2.3-0 slapd-dbg
Architecture: source i386
Version: 2.3.38-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian OpenLDAP Maintainers <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.3-0 - OpenLDAP libraries
 libldap-2.3-0-dbg - Debugging information for OpenLDAP libraries
 slapd  - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
Closes: 448644
Changes: 
 openldap2.3 (2.3.38-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * Fixed missing usage of calloc instead of malloc which might
     lead to a denial of service attack (CVE-2007-5708) (Closes: #448644).
Files: 
 695389d9cd9e46c6891db0318769023d 1215 net optional openldap2.3_2.3.38-1+lenny1.dsc
 c13b872eb062a33a16a31d5804f0964f 2955427 net optional openldap2.3_2.3.38.orig.tar.gz
 3cb6eab2f47e8671f3c4ef2ddb10a717 

Bug#448644: marked as done (CVE-2007-5708 remote denial of service)

2007-11-12 Thread Debian Bug Tracking System
Your message dated Tue, 13 Nov 2007 00:32:05 +
with message-id <[EMAIL PROTECTED]>
and subject line Bug#448644: fixed in openldap2.3 2.3.39-1
has caused the attached Bug report to be marked as done.


--- Begin Message ---
Source: openldap2.3
Source-Version: 2.3.39-1

We believe that the bug you reported is fixed in the latest version of
openldap2.3, which is due to be installed in the Debian FTP archive:

ldap-utils_2.3.39-1_i386.deb
  to pool/main/o/openldap2.3/ldap-utils_2.3.39-1_i386.deb
libldap-2.3-0-dbg_2.3.39-1_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0-dbg_2.3.39-1_i386.deb
libldap-2.3-0_2.3.39-1_i386.deb
  to pool/main/o/openldap2.3/libldap-2.3-0_2.3.39-1_i386.deb
openldap2.3_2.3.39-1.diff.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.39-1.diff.gz
openldap2.3_2.3.39-1.dsc
  to pool/main/o/openldap2.3/openldap2.3_2.3.39-1.dsc
openldap2.3_2.3.39.orig.tar.gz
  to pool/main/o/openldap2.3/openldap2.3_2.3.39.orig.tar.gz
slapd-dbg_2.3.39-1_i386.deb
  to pool/main/o/openldap2.3/slapd-dbg_2.3.39-1_i386.deb
slapd_2.3.39-1_i386.deb
  to pool/main/o/openldap2.3/slapd_2.3.39-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[EMAIL PROTECTED]> (supplier of updated openldap2.3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 12 Nov 2007 16:00:47 -0800
Source: openldap2.3
Binary: slapd ldap-utils libldap-2.3-0-dbg libldap-2.3-0 slapd-dbg
Architecture: source i386
Version: 2.3.39-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <[EMAIL PROTECTED]>
Changed-By: Russ Allbery <[EMAIL PROTECTED]>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.3-0 - OpenLDAP libraries
 libldap-2.3-0-dbg - Debugging information for OpenLDAP libraries
 slapd  - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
Closes: 435290 442191 444806 448644
Changes: 
 openldap2.3 (2.3.39-1) unstable; urgency=medium
 .
   * Medium severity due to denial of service fix.
   * New upstream release.
     - CVE-2007-5708: Fix remote denial of service attack in slapo-pcache
       (the overlay for proxy caching).  (Closes: #448644)
     - Multiple additional more minor bug fixes.
   * Document in the default slapd.conf that dbconfig options only generate
     the DB_CONFIG file on first slapd start and have no effect afterwards
     unless DB_CON