Your message dated Wed, 14 Aug 2019 18:47:46 +0000
with message-id <[email protected]>
and subject line Bug#934277: fixed in openldap 2.4.44+dfsg-5+deb9u3
has caused the Debian Bug report #934277,
regarding slapd segfault on rwm filter parse error
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
934277: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934277
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slapd
Version: 2.4.21-1
Severity: important
Tags: security
Control: fixed -1 2.4.48+dfsg-1
Control: forwarded -1 https://openldap.org/its/?findid=8964

This is already fixed in unstable, but filing this for tracking anyway 
as I think it warrants fixing in stable as well.

If rwm modifies the search filter and the resulting filter is invalid, 
slapd crashes while cleaning up the operation. I believe it ends up 
freeing the same pointer twice (where the happy path frees two different 
ones).

Depending on the rwm configuration, users (possibly even 
anonymous/unprivileged ones) with access to search the directory in a 
way that causes the search filter to be rewritten can crash slapd 
remotely.

Fixed in master by d40b357, in RE24 by 0f7ec3a.

Also reported in Ubuntu: https://bugs.launchpad.net/bugs/1838370

--- End Message ---
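The double free described in the report above, modelled in C as an added example written for this page (it is not slapd or slapo-rwm source, and all names in it are hypothetical: `op_t`, `rewrite_filter_buggy`, `rewrite_filter_fixed`, `apply_rule`, `filter_is_valid`, `tracked_free`). A constructed rewrite rule whose replacement contains stray parentheses stands in for an rwm configuration that turns a valid client filter into an invalid one; the "filter parser" is a deliberate toy. Frees are routed through a small ledger so the second free of the same pointer is counted rather than executed, which keeps the demo from aborting:

```c
/* Added example (not slapd/slapo-rwm code): models the ownership mistake in
 * the report above. All names are hypothetical and the filter parser is a toy;
 * frees go through a ledger so a second free is counted, not executed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_TRACKED 32
static void *g_freed[MAX_TRACKED];        /* pointers handed to tracked_free() */
static int g_nfreed, g_double_free_events; /* the latter: same pointer freed twice */

/* Performs the deferred frees and clears the ledger between scenarios. */
static void ledger_reset(void) {
    int i;
    for (i = 0; i < g_nfreed; i++) free(g_freed[i]);
    g_nfreed = g_double_free_events = 0;
}

/* A real second free() would abort under glibc; this records it instead. */
static void tracked_free(void *p) {
    int i;
    if (p == NULL) return;
    for (i = 0; i < g_nfreed; i++)
        if (g_freed[i] == p) { g_double_free_events++; return; }
    if (g_nfreed < MAX_TRACKED) g_freed[g_nfreed++] = p; else free(p);
}

static char *dup_str(const char *s) {
    char *d = malloc(strlen(s) + 1);
    return d ? strcpy(d, s) : NULL;
}

/* Operation state: op->filter is a heap string that op_cleanup() frees once. */
typedef struct { char *filter; } op_t;
static void op_cleanup(op_t *op) { tracked_free(op->filter); op->filter = NULL; }

/* Toy stand-in for the filter parser: accepts only "(attr=value)" with no
 * nested parentheses. Real LDAP filter syntax (RFC 4515) is far richer. */
int filter_is_valid(const char *f) {
    size_t n = strlen(f);
    const char *eq = strchr(f, '=');
    if (n < 5 || f[0] != '(' || f[n - 1] != ')') return 0;
    if (eq == NULL || eq == f + 1 || eq == f + n - 2) return 0;
    if (memchr(f + 1, '(', n - 2) || memchr(f + 1, ')', n - 2)) return 0;
    return 1;
}

/* Constructed rewrite rule: rename attribute `from` to `to` in "(from=value)".
 * NULL if the rule does not match; a `to` like "cn)(" yields an invalid filter. */
static char *apply_rule(const char *f, const char *from, const char *to) {
    size_t flen = strlen(from);
    const char *rest;
    char *out;
    if (f[0] != '(' || strncmp(f + 1, from, flen) != 0 || f[1 + flen] != '=')
        return NULL;
    rest = f + 1 + flen;                        /* "=value)" */
    out = malloc(strlen(to) + strlen(rest) + 2);
    if (out) sprintf(out, "(%s%s", to, rest);
    return out;
}

/* Buggy variant: the error path releases the ORIGINAL filter too, but op->filter
 * still points at it, so op_cleanup() frees it again. The happy path is fine. */
int rewrite_filter_buggy(op_t *op, const char *from, const char *to) {
    char *rw = apply_rule(op->filter, from, to);
    if (rw == NULL) return 0;                   /* rule did not apply */
    if (!filter_is_valid(rw)) {
        tracked_free(rw);
        tracked_free(op->filter);               /* BUG: op still owns this */
        return -1;
    }
    tracked_free(op->filter);                   /* ownership moves to rw */
    op->filter = rw;
    return 1;
}

/* Fixed variant: on an invalid rewrite, free only what this function
 * allocated; op->filter is left untouched and still owned by the op. */
int rewrite_filter_fixed(op_t *op, const char *from, const char *to) {
    char *rw = apply_rule(op->filter, from, to);
    if (rw == NULL) return 0;
    if (!filter_is_valid(rw)) { tracked_free(rw); return -1; }
    tracked_free(op->filter);
    op->filter = rw;
    return 1;
}

/* One search-operation lifecycle (rewrite, then cleanup). Returns the number
 * of double-free events observed; 0 means the error path is safe. */
int run_scenario(int (*rewrite)(op_t *, const char *, const char *),
                 const char *filter, const char *from, const char *to) {
    op_t op;
    int events;
    ledger_reset();
    op.filter = dup_str(filter);
    rewrite(&op, from, to);
    op_cleanup(&op);
    events = g_double_free_events;
    ledger_reset();
    return events;
}
```

Running `run_scenario(rewrite_filter_buggy, "(uid=alice)", "uid", "cn)(")` reports one double-free event, while the fixed variant reports none for the same input and both variants are clean when the rewrite is valid or the rule does not apply. The point of the fix is purely about ownership: the error path may release only what it allocated itself, and whatever the operation structure still points at remains the operation's to free during cleanup.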
--- Begin Message ---
Source: openldap
Source-Version: 2.4.44+dfsg-5+deb9u3

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Aug 2019 12:17:00 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-common libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source all
Version: 2.4.44+dfsg-5+deb9u3
Distribution: stretch
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap-common - OpenLDAP common files for libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 932997 932998 934277
Changes:
 openldap (2.4.44+dfsg-5+deb9u3) stretch; urgency=medium
 .
   * Fix slapd to restrict rootDN proxyauthz to its own databases
     (CVE-2019-13057) (ITS#9038) (Closes: #932997)
   * Fix slapd to enforce sasl_ssf ACL statement on every connection
     (CVE-2019-13565) (ITS#9052) (Closes: #932998)
   * Fix slapo-rwm to not free original filter when rewritten filter is invalid
     (ITS#8964) (Closes: #934277, LP: #1838370)
Checksums-Sha1:
 c66c3097d1b9baa7c63fde953258025c188adfa3 3009 openldap_2.4.44+dfsg-5+deb9u3.dsc
 f1448c32b1e78a295260fa9217be92dde344829c 168576 openldap_2.4.44+dfsg-5+deb9u3.debian.tar.xz
 a410f605d05f5eeb793a9b539a41defc904733b3 85710 libldap-common_2.4.44+dfsg-5+deb9u3_all.deb
Checksums-Sha256:
 feff6977d4674bbbbe3c34c9d292edcfe6d895d10aa165910dbc96819a327abb 3009 openldap_2.4.44+dfsg-5+deb9u3.dsc
 926e2b00418901d9b52d314a6f6319f84c9dd04e12d085830ffc37bf3329c402 168576 openldap_2.4.44+dfsg-5+deb9u3.debian.tar.xz
 f7482e2b4aaa78abd1b0f4034cb1a36ab929e28c477f588916971aeb004afcf2 85710 libldap-common_2.4.44+dfsg-5+deb9u3_all.deb
Files:
 2a811aad373268d3c7633b70483ea38f 3009 net optional openldap_2.4.44+dfsg-5+deb9u3.dsc
 cf128a90797244b43b27d860e1645a8a 168576 net optional openldap_2.4.44+dfsg-5+deb9u3.debian.tar.xz
 3c6f9d695a42ba518081a9f3abe795e4 85710 libs standard libldap-common_2.4.44+dfsg-5+deb9u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQJDBAEBCgAtFiEEPSfh0nqdQTd5kOFlIp/PEvXWa7YFAl1THp4PHHJ5YW5AbmFy
ZGlzLmNhAAoJECKfzxL11mu2zYAQAJiN0KVeAA1Nf+lpTn9p59wVE1sDNI3zLUvX
Jgvp/l0BzoEFSO8OTA2+d0Ge6kO6QSVGLN4RF6CnyN2web90KlonKNeja5b7eas9
as2l4JMSdeC2shh4M/aslBsHYKienrSf1BYq6SnfE02S4Ua+u+Z999AyrsZycmqf
XXE0C1nGJ2fzd3VFNPk7CPM7luNUcwcQDEyvhYSdh6mctnk1HiQF0A4WuHdpPDVG
kBiBlxtGvMLFLKm557tAMBHmGc+qzYYTJaK5UCUdsddB4ztwjDnXY5KU1dZA0bR5
SPyNeZacMm8+r6k5OOq8LAyRyurbabpJJY8ttekzsLqPHiDNcpkTMreqz6dhFvyf
0VegQ+wJc3krmcoW1raAkfUD5nKYZzavgqt9vPloIs3lOQ/EtTRs8GwEn+Tqr9aZ
Vgac8orpzreNOpIg/SeG7FoFtT/7AZCD7mNuKbqE9Cw21gDfcs5umOPzNj+QigMA
T25p1I4ZN75B58J0SVwxc48OLsD1XAPR8WvBCCf+J7XLaTmBWn8NumXqe611YPfy
Cb48p1tpREHVa8tLqXvE60cw0QF4m6ztdnhybYA6f5kus7C85yG0lcSK23TeNpiM
5aIg06T+Jq3S5izMjO8MMiQ/gEB5w+GY65jT6ZGvst9AkmxhvEnsKb0giofh6ram
Q2Qx9ypY
=K7gL
-----END PGP SIGNATURE-----

--- End Message ---
