[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Changed in: openldap (Debian) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Changed in: openldap (Debian) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code To

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

This bug was fixed in the package openldap - 2.4.41+dfsg-1ubuntu2.1 --- openldap (2.4.41+dfsg-1ubuntu2.1) wily; urgency=medium * Fix use after free with GnuTLS. (LP: #1557248) -- Maciej Puzio Wed, 23 Mar 2016 13:42:50 -0500 ** Changed in: openldap

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

This bug was fixed in the package openldap - 2.4.42+dfsg-2ubuntu3.1 --- openldap (2.4.42+dfsg-2ubuntu3.1) xenial; urgency=medium * Fix use after free with GnuTLS. (LP: #1557248) -- Maciej Puzio Fri, 25 Mar 2016 15:24:25 -0500 ** Changed in: openldap

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I can confirm that the following packages from xenial-proposed fix the bug: slapd 2.4.42+dfsg-2ubuntu3.1 libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1 ldap-utils 2.4.42+dfsg-2ubuntu3.1 I did not test the packages in wily-proposed. Setting the test environment is not trivial, and I don't think it is

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Chris, thank you very much for preparing the packages for -proposed repos. I started testing of xenial-proposed version, but tests are not progressing quickly, due to issues that I described above. In addition I have run into another problem, likely unrelated to this bug, which is further

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Hello Maciej, or anyone else affected, Accepted openldap into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openldap/2.4.41+dfsg- 1ubuntu2.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

This bug was fixed in the package openldap - 2.4.42+dfsg-2ubuntu4 --- openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium * Fix use after free with GnuTLS. (LP: #1557248) -- Maciej Puzio Fri, 25 Mar 2016 15:24:25 -0500 ** Changed in: openldap (Ubuntu

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Due to the nature of this bug (referencing previously freed memory leading to an undefined behavior), a reliable testing procedure is difficult to create. This bug was originally found by looking for a cause of syncrepl failures. The reproducibility of these failures was about 50%, enough to make

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

As per the SRU requirements, could you please update the bug description with a testing procedure? See here for more information: https://wiki.ubuntu.com/StableReleaseUpdates Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Thanks for the patched packages! I've uploaded your changes to yakkety with a slight change in the changelog to better describe the issue. I've also uploaded updates to wily and xenial for processing by the SRU team. Thanks! ** Changed in: openldap (Ubuntu Yakkety) Status: Confirmed =>

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Also affects: openldap (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Yakkety) Importance: Medium Status: Confirmed ** Also affects: openldap (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: openldap (Ubuntu

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Changed in: openldap (Debian) Status: Unknown => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code To

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Changed in: openldap (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Tags added: wily xenial ** Also affects: openldap (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I reported the bug to Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244 ** Bug watch added: Debian Bug tracker #820244 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I created patched openldap packages for xenial, available on the same PPA as above. I tested amd64 packages on xenial beta 2. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1557248

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I created patched openldap packages for xenial, available on the same PPA as above. I tested amd64 packages on xenial beta 2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP:

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I have just found that Howard Chu of OpenLDAP team had already uploaded this patch to Launchpad VCS: http://bazaar.launchpad.net/~vcs-imports/openldap/master/revision/20757 Hopefully we will have the package released soon. -- You received this bug notification because you are a member of Ubuntu

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I have just found that Howard Chu of OpenLDAP team had already uploaded this patch to Launchpad VCS: http://bazaar.launchpad.net/~vcs-imports/openldap/master/revision/20757 Hopefully we will have the package released soon. -- You received this bug notification because you are a member of Ubuntu

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Tags added: patch-accepted-upstream -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code To manage

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

** Tags added: patch-accepted-upstream -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code To manage notifications about

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I created a PPA with patched deb packages, available at: https://launchpad.net/~maciej-puzio/+archive/ubuntu/openldap Currently it contains openldap-2.4.41 source package with the above patch applied, as well as binary debs built from it, for amd64 and i386. These packages are for Ubuntu 15.10

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

I created a PPA with patched deb packages, available at: https://launchpad.net/~maciej-puzio/+archive/ubuntu/openldap Currently it contains openldap-2.4.41 source package with the above patch applied, as well as binary debs built from it, for amd64 and i386. These packages are for Ubuntu 15.10

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu.

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

This patch may also resolve https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927 I'll confirm once available and I have an opportunity to test. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu.

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

This patch may also resolve https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927 I'll confirm once available and I have an opportunity to test. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openldap (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1557248 Title:

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

The attachment "tls_g.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray,

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

The attachment "tls_g.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray,

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Patch created by OpenLDAP team applies cleanly to openldap 2.4.41+dfsg- 1ubuntu2 (wily). ** Patch added: "tls_g.patch" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557248/+attachment/4607004/+files/tls_g.patch -- You received this bug notification because you are a member of

[Bug 1557248] Re: OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code

Patch created by OpenLDAP team applies cleanly to openldap 2.4.41+dfsg- 1ubuntu2 (wily). ** Patch added: "tls_g.patch" https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557248/+attachment/4607004/+files/tls_g.patch -- You received this bug notification because you are a member of