[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-29 Thread Felipe Reyes
** Changed in: openldap (Ubuntu Precise) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: openldap (Ubuntu Trusty) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: openldap (Ubuntu Utopic) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in:

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Felipe Reyes
Marc, I tested these patches against two scenarios: 1) single node with default configuration and phpldapadmin, 2) a two nodes scenario, 1 node configures a relay and translucent proxy and connects to the second one which has a default configuration. For details of each configuration please see

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu12.1 --- openldap (2.4.31-1+nmu2ubuntu12.1) vivid-security; urgency=medium * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809) - debian/patches/CVE-2013-4449.patch: fix reference counting -

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu11.1 --- openldap (2.4.31-1+nmu2ubuntu11.1) utopic-security; urgency=medium * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809) - debian/patches/CVE-2013-4449.patch: fix reference counting -

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu8.1 --- openldap (2.4.31-1+nmu2ubuntu8.1) trusty-security; urgency=medium * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809) - debian/patches/CVE-2013-4449.patch: fix reference counting -

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-26 Thread Launchpad Bug Tracker
This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5 --- openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium * SECURITY UPDATE: denial of service via an LDAP search query with attrsOnly set to true. (LP: #1446809) -

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-25 Thread Marc Deslauriers
ACK on the debdiffs, I've uploaded them for building. (I removed the extra patch, and changed the pocket to -security). What testing did you perform on these? ** Also affects: openldap (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: openldap (Ubuntu Utopic)

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

2015-05-19 Thread Felipe Reyes
** Summary changed: - [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) + [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) -- You received this bug notification because you are a member of Ubuntu Server