found 465875 2.3.30-5
thanks
On Wed, Mar 12, 2008 at 12:54:03PM +1100, Brian May wrote:
> Can you please confirm if this is an issue for the Debian stable version
> (2.3.30-5)? I get the impression that 2.3.30 is affected, and I can't
> see any security updates.
Yes, etch is affected. However, this is a DoS attack rather than a
privilege escalation vector, which AIUI is not normally grounds for a DSA.
Security team, the patch for this issue is attached - what say you? Should
I upload it to stable-security, or to proposed-updates?
(sarge is probably also affected, but since security support for sarge will
be terminated on March 31, I'm not sure I care enough to fish an update for
that version...)
Cheers,
--
Steve Langasek
Debian Developer
Ubuntu Developer
[EMAIL PROTECTED]

Give me a lever long enough and a Free OS
to set it on, and I can move the world.
http://www.debian.org/
[EMAIL PROTECTED]
Index: debian/patches/series
===================================================================
--- debian/patches/series (.../tags/2.3.30-5) (revision 1117)
+++ debian/patches/series (.../branches/etch) (revision 1117)
@@ -19,3 +19,4 @@
fix-memleak-on-failed-bind -p0
fix-memleak-acls-uses-sets -p0
connection-race -p0
+CVE-2008-0658
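Review bot: the new series entry `+CVE-2008-0658` carries no strip-level option, while every neighbouring entry is explicitly `-p0`; since the attached patch file's paths carry a top-level `openldap2.3-2.4.7/` prefix, it needs `-p1`, so please confirm that the patch system's default strip level is indeed 1 here (and consider writing `-p1` explicitly for consistency with the rest of the file).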
Index: debian/patches/CVE-2008-0658
===================================================================
--- debian/patches/CVE-2008-0658 (.../tags/2.3.30-5) (revision 0)
+++ debian/patches/CVE-2008-0658 (.../branches/etch) (revision 1117)
@@ -0,0 +1,12 @@
+diff -Nurad openldap2.3-2.4.7.orig/servers/slapd/back-bdb/modrdn.c openldap2.3-2.4.7/servers/slapd/back-bdb/modrdn.c
+--- openldap2.3-2.4.7.orig/servers/slapd/back-bdb/modrdn.c 2008-03-04 14:32:49.000000000 +0100
++++ openldap2.3-2.4.7/servers/slapd/back-bdb/modrdn.c 2008-03-04 14:33:25.000000000 +0100
+@@ -737,6 +737,8 @@
+ } else {
+ rs->sr_err = LDAP_X_NO_OPERATION;
+ ltid = NULL;
++ /* Only free attrs if they were dup'd. */
++ if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ goto return_results;
+ }
+
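Review bot: the patch file has no header describing what it fixes or where it came from; the hunk only adds a guard that clears `dummy.e_attrs` when it still aliases `e->e_attrs` on the `LDAP_X_NO_OPERATION` exit path, so that `return_results` does not free attributes still owned by the original entry. Please add a short header to the file naming CVE-2008-0658, the upstream change it was extracted from, and the fact that the diff was taken against 2.4.7 paths but applies to 2.3.30, so the next maintainer does not have to reconstruct this from the changelog. It would also be worth stating in that header whether the other early exits in `bdb_modrdn` were checked for the same aliasing, since only this one path is touched.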
Index: debian/changelog
===================================================================
--- debian/changelog (.../tags/2.3.30-5) (revision 1117)
+++ debian/changelog (.../branches/etch) (revision 1117)
@@ -1,3 +1,11 @@
+openldap2.3 (2.3.30-6) UNRELEASED; urgency=low
+
+ * Fix remote denial of service vulnerability in the BDB backend via a
+ modrdn operation with a NOOP control. Thanks to Nico Golde for the
+ extracted patch. (CVE-2008-0658; Closes: #465875)
+
+ -- Steve Langasek <[EMAIL PROTECTED]> Sun, 23 Mar 2008 02:44:29 -0700
+
openldap2.3 (2.3.30-5) unstable; urgency=low
[ Steve Langasek ]
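Review bot: the changelog entry is still `UNRELEASED`; before the upload this mail asks about, the distribution must be set to whichever target the security team names (stable-security or proposed-updates). Consider as well whether `2.3.30-6` is the right version for a stable update, since that number could later collide with an unstable upload of the same package; a suffixed version would avoid the clash. The entry text itself reads well and correctly references both the CVE and the bug number.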