RedHat has issued an advisory on February 3:
https://rhn.redhat.com/errata/RHSA-2014-0126.html

Mageia 3 and Mageia 4 are also affected.
Whiteboard: (none) => MGA4TOO, MGA3TOO
I've added the patch from RedHat in SVN, but they all are failing to build (unrelated to the patch) right now, failing in the testsuite.

http://pkgsubmit.mageia.org/uploads/failure/3/core/updates_testing/20140209234135.luigiwalser.valstar.1920/log/openldap-2.4.33-7.1.mga3/build.0.20140209235607.log
http://pkgsubmit.mageia.org/uploads/failure/4/core/updates_testing/20140209234112.luigiwalser.valstar.1789/log/openldap-2.4.38-1.1.mga4/build.0.20140209234200.log
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140209234051.luigiwalser.valstar.1628/log/openldap-2.4.38-2.mga5/build.0.20140209234107.log

Buchan, please have a look at this.
Hmm, maybe it's a parallel build issue. I pushed them again and they built.
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated openldap packages fix security vulnerability:

A denial of service flaw was found in the way the OpenLDAP server daemon (slapd) performed reference counting when using the rwm (rewrite/remap) overlay. A remote attacker able to query the OpenLDAP server could use this flaw to crash the server by immediately unbinding from the server after sending a search request (CVE-2013-4449).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449
http://www.openldap.org/its/index.cgi/Incoming?id=7723
https://rhn.redhat.com/errata/RHSA-2014-0126.html
========================

Updated packages in core/updates_testing:
========================
openldap-2.4.33-7.1.mga3
openldap-servers-2.4.33-7.1.mga3
openldap-servers-devel-2.4.33-7.1.mga3
openldap-clients-2.4.33-7.1.mga3
libldap2.4_2-2.4.33-7.1.mga3
libldap2.4_2-devel-2.4.33-7.1.mga3
libldap2.4_2-static-devel-2.4.33-7.1.mga3
openldap-doc-2.4.33-7.1.mga3
openldap-tests-2.4.33-7.1.mga3
openldap-testprogs-2.4.33-7.1.mga3
openldap-2.4.38-1.1.mga4
openldap-servers-2.4.38-1.1.mga4
openldap-servers-devel-2.4.38-1.1.mga4
openldap-clients-2.4.38-1.1.mga4
libldap2.4_2-2.4.38-1.1.mga4
libldap2.4_2-devel-2.4.38-1.1.mga4
libldap2.4_2-static-devel-2.4.38-1.1.mga4
openldap-back_sql-2.4.38-1.1.mga4
openldap-back_bdb-2.4.38-1.1.mga4
openldap-back_mdb-2.4.38-1.1.mga4
openldap-doc-2.4.38-1.1.mga4
openldap-tests-2.4.38-1.1.mga4
openldap-testprogs-2.4.38-1.1.mga4

from SRPMS:
openldap-2.4.33-7.1.mga3.src.rpm
openldap-2.4.38-1.1.mga4.src.rpm
CC: (none) => bgmilne
Version: Cauldron => 4
Assignee: bgmilne => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Testing procedure from https://bugs.mageia.org/show_bug.cgi?id=6527#c8
-------
This is easy to test by installing openldap-tests

Start the ldap service
# service ldap start (for mga1)
or
# systemctl start ldap.service (for mga2)

Then
# cd /usr/share/openldap/tests/
# ./run all > ldaptest
# grep -e ">>>>>" ldaptest
-------
CC: (none) => stormi
Whiteboard: MGA3TOO => MGA3TOO has_procedure
Testing mga3 32 & 64 now
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga3-32-ok mga3-64-ok
testing currently on mga4/x86_64
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok
tested yesterday 2014-02-11 on mga4/32bit

i dunno if it is a failure or not --->

>>>>> Starting test058-syncrepl-asymmetric for bdb...
>>>>>> Exiting with a false success status for now
>>>>> test058-syncrepl-asymmetric completed OK for bdb.
CC: (none) => gerdroscher
(In reply to Gerd Roscher from comment #7)
> tested yesterday 2014-02-11 on mga4/32bit
>
> i dunno if it is a failure or not --->
>
> >>>>> Starting test058-syncrepl-asymmetric for bdb...
> >>>>>> Exiting with a false success status for now
> >>>>> test058-syncrepl-asymmetric completed OK for bdb.

I think it's OK, the "false success status" must be intended.
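A way to summarise the ldaptest file produced by the test procedure quoted earlier in this report: it flags any test that started without a matching "completed OK" line and lists extra marker lines such as the "false success status" note. This is an added example, not part of the original comments or of the OpenLDAP test suite; it assumes only the line formats visible in this thread, and the function names and the test999 sample entry are constructed.

```shell
#!/bin/sh
# summarize_ldaptest FILE
# Pairs each "Starting <test> for <backend>..." line with its
# "<test> completed OK for <backend>." line. Returns non-zero if any test
# started without reporting "completed OK".
summarize_ldaptest() {
    awk '
        /^>>>>> Starting / {
            name = $3; backend = $5; sub(/\.\.\.$/, "", backend)
            key = name " (" backend ")"
            if (!(key in started)) { started[key] = 1; order[++n] = key }
            next
        }
        /^>>>>> .* completed OK for / {
            # Assumption: drop any directory prefix in front of the test name.
            name = $2; sub(/^.*\//, "", name)
            backend = $6; sub(/\.$/, "", backend)
            ok[name " (" backend ")"] = 1
            next
        }
        # Any other marker line (for example the six-character ">>>>>>" note).
        /^>>>>>/ { notes[++m] = $0 }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                if (!(order[i] in ok)) { print "NOT OK: " order[i]; bad++ }
            for (i = 1; i <= m; i++) print "NOTE: " notes[i]
            printf "started=%d ok=%d not_ok=%d notes=%d\n", n, n - bad, bad, m
            exit (bad > 0)
        }
    ' "$1"
}

# Constructed sample: the test058 lines as posted in this report, plus a
# made-up test999 entry that starts and never reports "completed OK".
write_sample() {
    cat > "$1" <<'EOF'
>>>>> Starting test058-syncrepl-asymmetric for bdb...
>>>>>> Exiting with a false success status for now
>>>>> test058-syncrepl-asymmetric completed OK for bdb.
>>>>> Starting test999-constructed for bdb...
EOF
}

sample=$(mktemp)
write_sample "$sample"
summarize_ldaptest "$sample" || echo "at least one test did not complete OK"
rm -f "$sample"
```

On a real run, call `summarize_ldaptest ldaptest` from /usr/share/openldap/tests/ after `./run all > ldaptest`.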
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok
Advisory uploaded. Update validated. Please push to 3 & 4 core/updates.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok advisory
Update pushed: http://advisories.mageia.org/MGASA-2014-0062.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED