First Last Prev Next    This bug is not in your last search results.
Bug 53447 - openldap: multiple issues (4.4)
openldap: multiple issues (4.4)
Status: RESOLVED DUPLICATE of bug 52747
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 4.4-8-errata
Assigned To: Julia Bremer
UCS maintainers
:
Depends on: 53446
Blocks:
  Show dependency treegraph
 
Reported: 2021-06-15 15:43 CEST by Arvid Requate
Modified: 2021-07-05 19:35 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2021-06-15 15:43:49 CEST 
Also for 4.4

+++ This bug was initially created as a clone of Bug #53446 +++

* Denial of Service in slapd due to assertion failure in the issuerAndThisUpdateCheck function, triggerable via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime (CVE-2021-27212)
Comment 1 Arvid Requate univentionstaff 2021-06-15 15:48:19 CEST 
Already fixed in UCS 5.0-0 (2.4.47+dfsg-3+deb10u6) - https://security-tracker.debian.org/tracker/CVE-2021-27212
Comment 2 Julia Bremer univentionstaff 2021-07-05 19:35:49 CEST 
Patch 99_ITS-9454-fix-issuerAndThisUpdateCheck.quilt has already been imported, built and released with Bug #52747

*** This bug has been marked as a duplicate of bug 52747 ***
First Last Prev Next    This bug is not in your last search results.