Package: slapd Version: 2.4.23-7.2 Severity: normal
Hello, This bug also affects me. RedHat has a fix for version 2.4.23: https://bugzilla.redhat.com/show_bug.cgi?id=727533 adapted from fix committed for version 2.4.25 in openldap GIT: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=0a9f51f58d1e20f92ad2f6a21c70ca04304a7f93 Can you please consider applying this fix in Debian/Squeeze? Note: this bug leads to DoS of the LDAP server as soon as one issues a query involving the SQL backend. Thanks in best regards, Cédric Dufour -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (990, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages slapd depends on: ii adduser 3.112+nmu2 add and remove users and groups ii coreutils 8.5-1 GNU core utilities ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libdb4.8 4.8.30-2 Berkeley v4.8 Database Libraries [ ii libgnutls26 2.8.6-1+squeeze2 the GNU TLS library - runtime libr ii libldap-2.4-2 2.4.23-7.2 OpenLDAP libraries ii libltdl7 2.2.6b-2 A system independent dlopen wrappe ii libperl5.10 5.10.1-17squeeze3 shared Perl library ii libsasl2-2 2.1.23.dfsg1-7 Cyrus SASL - authentication abstra ii libslp1 1.2.1-7.8 OpenSLP libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii perl [libmime-base64-p 5.10.1-17squeeze3 Larry Wall's Practical Extraction ii psmisc 22.11-1 utilities that use the proc file s ii unixodbc 2.2.14p2-1 ODBC tools libraries Versions of packages slapd recommends: ii libsasl2-modules 2.1.23.dfsg1-7 Cyrus SASL - pluggable authenticat Versions of packages slapd suggests: pn ldap-utils <none> (no description available) -- Configuration Files: /etc/default/slapd changed: SLAPD_USER="openldap" SLAPD_GROUP="openldap" SLAPD_PIDFILE= SLAPD_SERVICES="ldap:/// ldaps:///" SLAPD_OPTIONS="" SLURPD_START=no SLURPD_OPTIONS="" -- debconf information excluded -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
