enterprise-support team mailing list archive

Thread
Date

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1446809@xxxxxxxxxxxxxxxxxx>
Date: Tue, 26 May 2015 17:29:26 -0000
Reply-to: Bug 1446809 <1446809@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu11.1

---------------
openldap (2.4.31-1+nmu2ubuntu11.1) utopic-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.reyes@xxxxxxxxxxxxx>  Tue, 19 May 2015 12:59:29
-0300

** Changed in: openldap (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: openldap (Ubuntu Vivid)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to openldap in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1446809

Title:
  [SRU] denial of service via an LDAP search query (CVE-2012-1164,
  CVE-2013-4449, CVE-2015-1545)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions

References

[Bug 1446809] [NEW] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
From: Felipe Reyes, 2015-04-21