** Description changed: [Impact] * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. * Trusty ships 2.4.31 which comes with a fix for this. [Test Case] TBD [Regression Potential] TBD [Other Info] - + * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html + * Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3)
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) Status in openldap package in Ubuntu: New Status in openldap package in Debian: Fix Released Bug description: [Impact] * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. * Trusty ships 2.4.31 which comes with a fix for this. [Test Case] TBD [Regression Potential] TBD [Other Info] * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html * Patches backported: - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp