On 02/06/15 13:47, Paul B. Henson wrote:
> I haven't seen any announcement of this other than on security
> lists, but there's an unauthenticated remote DoS bug in 2.4.40:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991
>
> The actual ITS is a bit confusing, the reporter at one point says
> he had the issue with a beta version of 2.4.40 and it didn't work
> against release, but Debian confirmed it kills their official
> 2.4.40 package and it caused a segfault against my Gentoo 2.4.40
> release, so if you're running 2.4.40 (older versions not
> vulnerable), it's probably worth applying the patch from head:
>
> http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
>
> I rebuilt my 2.4.40 with this and it no longer dies when the PoC
> query is issued.

Is there a CVE number for this one? Thanks in advance!

Cheers,
--
Xin LI <[email protected]> https://www.delphij.net/
FreeBSD - The Power to Serve! Live free or die
