[Pkg-openldap-devel] Bug#659174: back-sql segfaults on amd64, but not on i386

Cédric Dufour cedric.dufour at ced-network.net
Sat Dec 1 11:35:55 UTC 2012 

Package: slapd
Version: 2.4.23-7.2
Severity: normal


Hello,

This bug also affects me.

RedHat has a fix for version 2.4.23: https://bugzilla.redhat.com/show_bug.cgi?id=727533
adapted from fix committed for version 2.4.25 in openldap GIT: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=0a9f51f58d1e20f92ad2f6a21c70ca04304a7f93

Can you please consider applying this fix in Debian/Squeeze?
Note: this bug leads to DoS of the LDAP server as soon as one issues a query involving the SQL backend.

Thanks in best regards,

Cédric Dufour

-- System Information:
Debian Release: 6.0.6
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages slapd depends on:
ii  adduser                3.112+nmu2        add and remove users and groups
ii  coreutils              8.5-1             GNU core utilities
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  libc6                  2.11.3-4          Embedded GNU C Library: Shared lib
ii  libdb4.8               4.8.30-2          Berkeley v4.8 Database Libraries [
ii  libgnutls26            2.8.6-1+squeeze2  the GNU TLS library - runtime libr
ii  libldap-2.4-2          2.4.23-7.2        OpenLDAP libraries
ii  libltdl7               2.2.6b-2          A system independent dlopen wrappe
ii  libperl5.10            5.10.1-17squeeze3 shared Perl library
ii  libsasl2-2             2.1.23.dfsg1-7    Cyrus SASL - authentication abstra
ii  libslp1                1.2.1-7.8         OpenSLP libraries
ii  libwrap0               7.6.q-19          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-23.2squeeze1  Linux Standard Base 3.2 init scrip
ii  perl [libmime-base64-p 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  psmisc                 22.11-1           utilities that use the proc file s
ii  unixodbc               2.2.14p2-1        ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.23.dfsg1-7 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
pn  ldap-utils                    <none>     (no description available)

-- Configuration Files:
/etc/default/slapd changed:
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_PIDFILE=
SLAPD_SERVICES="ldap:/// ldaps:///"
SLAPD_OPTIONS=""
SLURPD_START=no
SLURPD_OPTIONS=""


-- debconf information excluded

More information about the Pkg-openldap-devel mailing list