touch-packages team mailing list archive

Thread
Date

[Bug 1446809] Re: denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Bug Watch Updater <1446809@xxxxxxxxxxxxxxxxxx>
Date: Wed, 06 May 2015 07:27:41 -0000
Reply-to: Bug 1446809 <1446809@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: openldap (Debian)
       Status: Unknown => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1446809

Title:
  denial of service via an LDAP search query with attrsOnly set to true
  (CVE-2012-1164)

Status in openldap package in Ubuntu:
  New
Status in openldap package in Debian:
  Fix Released

Bug description:
  [Impact]

  * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a
  denial of service (assertion failure and daemon exit) via an LDAP
  search query with attrsOnly set to true, which causes empty attributes
  to be returned.

  * Trusty ships 2.4.31 which comes with a fix for this.

  [Test Case]

  TBD

  [Regression Potential]

  TBD

  [Other Info]
   
  * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143
  * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions

References

[Bug 1446809] [NEW] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
From: Felipe Reyes, 2015-04-21