[packages/openldap] fix for CVE-2015-1545, CVE-2015-1546 from upstream git
glen
glen at pld-linux.org
Tue Feb 17 11:58:00 CET 2015
commit a48964e9aac1a2c2ee5a2c87ce8a0192907efb28
Author: Elan Ruusamäe <glen at delfi.ee>
Date: Tue Feb 17 12:45:43 2015 +0200
fix for CVE-2015-1545, CVE-2015-1546 from upstream git
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1545
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1546
CVE-2015-1545-CVE-2015-1546.patch | 26 ++++++++++++++++++++++++++
openldap.spec | 4 +++-
2 files changed, 29 insertions(+), 1 deletion(-)
---
diff --git a/openldap.spec b/openldap.spec
index 740a4ff..06dd097 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -26,7 +26,7 @@ Summary(ru.UTF-8): Образцы клиентов LDAP
Summary(uk.UTF-8): Зразки клієнтів LDAP
Name: openldap
Version: 2.4.40
-Release: 1
+Release: 2
License: OpenLDAP Public License
Group: Networking/Daemons
Source0: ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/%{name}-%{version}.tgz
@@ -63,6 +63,7 @@ Patch19: %{name}-gcc47.patch
Patch20: enable-mdb.patch
Patch22: %{name}-am.patch
Patch23: %{name}-db.patch
+Patch24: CVE-2015-1545-CVE-2015-1546.patch
# Patch for the evolution library
Patch100: %{name}-ntlm.diff
URL: http://www.openldap.org/
@@ -1244,6 +1245,7 @@ cd %{name}-%{version}
%patch20 -p1
%patch22 -p1
%patch23 -p1
+%patch24 -p1
%if %{with krb5}
%patch17 -p1
%endif
diff --git a/CVE-2015-1545-CVE-2015-1546.patch b/CVE-2015-1545-CVE-2015-1546.patch
new file mode 100644
index 0000000..a642bed
--- /dev/null
+++ b/CVE-2015-1545-CVE-2015-1546.patch
@@ -0,0 +1,26 @@
+From c32e74763f77675b9e144126e375977ed6dc562c Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc at openldap.org>
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/overlays/deref.c b/servers/slapd/overlays/deref.c
+index 9420e3e..05aa890 100644
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -183,7 +183,8 @@ deref_parseCtrl (
+ ber_len_t cnt = sizeof(struct berval);
+ ber_len_t off = 0;
+
+- if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++ if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++ || !cnt )
+ {
+ rs->sr_text = "Dereference control: derefSpec decoding error";
+ rs->sr_err = LDAP_PROTOCOL_ERROR;
+--
+1.7.10.4
+
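Review bot: The new patch file is named for both CVE-2015-1545 and CVE-2015-1546, but it carries a single upstream commit (ITS#8027) that touches only `servers/slapd/overlays/deref.c`, adding the `|| !cnt` empty-AttributeList check in `deref_parseCtrl`. That check fits the deref-control issue; CVE-2015-1546 is, as far as I recall the public advisory, a separate double free in matched-values filter handling, which none of these 26 lines changes. Either add the corresponding upstream commit as a second `PatchNN` entry, or rename this file and reword the commit message so the package does not claim a fix it does not ship. The body of `deref_parseCtrl` continues outside the nested hunk, so how the decoded list is used after the check cannot be confirmed from here.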
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openldap.git/commitdiff/a48964e9aac1a2c2ee5a2c87ce8a0192907efb28