This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5
---------------
openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via an LDAP search query
with attrsOnly set to true. (LP: #1446809)
- debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in
normalized attr values
- debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that
current patch is not ideal
- debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are
present (attrsOnly = TRUE)
- CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
- debian/patches/CVE-2013-4449.patch: fix reference counting
- CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
- debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
- CVE-2015-1545
-- Felipe Reyes <felipe.re...@canonical.com> Tue, 19 May 2015 11:53:17
-0300
** Changed in: openldap (Ubuntu Precise)
Status: Triaged => Fix Released
** Changed in: openldap (Ubuntu Trusty)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1446809
Title:
[SRU] denial of service via an LDAP search query (CVE-2012-1164,
CVE-2013-4449, CVE-2015-1545)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
