Well, considering that Ubuntu openldap maintainers consider e.g. CVE-2013-4449
(denial-of-service, 2.4.31 to 2.4.36 are vulnerable) not important enough to
patch
or update to a later openldap version, I expect there to be zero chance of this
bug
to be patched either. It seems that if it does not
rtandy, this is not specific to slapd, but affects all applications that
use libldap2 and gnutls. Instead of returning a failure at START_TLS,
the library just crashes at a double-free. This makes it difficult to
find the actual problem in services like sssd that crash due to this
bug, although
2 matches
Mail list logo