Here I'm attaching a new version of the patch for precise that includes fixes for CVE-2012-1164, CVE-2013-4449 and CVE-2015-1545
Pending to add patches to fix CVE-2013-4449 and CVE-2015-1545 in trusty, utopic, vivid and wily. ** Description changed: [Impact] - * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a - denial of service (assertion failure and daemon exit) via an LDAP search - query with attrsOnly set to true, which causes empty attributes to be - returned. + * CVE-2012-1164: + - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. + - Trusty ships 2.4.31 which comes with a fix for this. - * Trusty ships 2.4.31 which comes with a fix for this. + * CVE-2013-4449 + - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. + - This bug affects all the series (precise, trusty, utopic, vivid and wily) - [Test Case] - - TBD + * CVE-2015-1545 + - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. + - This bug affects all the series (precise, trusty, utopic, vivid and wily) [Regression Potential] * this set of patches adds validations to avoid segfaults, so no regression is expected. [Other Info] - * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 - * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html - * Patches backported: - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) + * CVE-2012-1164: + - Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 + - http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) + + * CVE-2013-4449 + - Upstream bug report http://www.openldap.org/its/index.cgi/Incoming?id=7723 + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=924389d9dd9dbb6ffe5db6c0fc65ecfe6814a1af + + * CVE-2015-1545 + - Upstream bug report http://www.openldap.org/its/?findid=8027 + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 ** Patch added: "lp1446809_precise.debdiff" https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400520/+files/lp1446809_precise.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
