← Back to team overview

touch-packages team mailing list archive

[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)

 

This bug was fixed in the package openldap - 2.4.31-1+nmu2ubuntu11.1

---------------
openldap (2.4.31-1+nmu2ubuntu11.1) utopic-security; urgency=medium

  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
    - debian/patches/CVE-2013-4449.patch: fix reference counting
    - CVE-2013-4449
  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
    - CVE-2015-1545

 -- Felipe Reyes <felipe.reyes@xxxxxxxxxxxxx>  Tue, 19 May 2015 12:59:29
-0300

** Changed in: openldap (Ubuntu Utopic)
       Status: New => Fix Released

** Changed in: openldap (Ubuntu Vivid)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1446809

Title:
  [SRU] denial of service via an LDAP search query (CVE-2012-1164,
  CVE-2013-4449, CVE-2015-1545)

Status in openldap package in Ubuntu:
  Fix Released
Status in openldap source package in Precise:
  Fix Released
Status in openldap source package in Trusty:
  Fix Released
Status in openldap source package in Utopic:
  Fix Released
Status in openldap source package in Vivid:
  Fix Released
Status in openldap package in Debian:
  Fix Released

Bug description:
  [Impact]

  * CVE-2012-1164:
    - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.
    - Trusty ships 2.4.31 which comes with a fix for this.

  * CVE-2013-4449
    - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
    - This bug affects all the series (precise, trusty, utopic, vivid and wily)

  * CVE-2015-1545
    - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request.
    - This bug affects all the series (precise, trusty, utopic, vivid and wily)

  [Regression Potential]

  * this set of patches adds validations to avoid segfaults, so no
  regression is expected.

  [Other Info]

  * CVE-2012-1164:
    - Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143
    - http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html
    - Patches backported:
      - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1)
      - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2)
      - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3)

  * CVE-2013-4449
    - Upstream bug report http://www.openldap.org/its/index.cgi/Incoming?id=7723
    - Patches backported:
      - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=924389d9dd9dbb6ffe5db6c0fc65ecfe6814a1af

  * CVE-2015-1545
    - Upstream bug report http://www.openldap.org/its/?findid=8027
    - Patches backported:
      - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions


References