SUSE has issued an advisory on December 17: http://lists.suse.com/pipermail/sle-security-updates/2018-December/004970.html Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Assigning to the registered maintainer.
CC: (none) => marja11
Assignee: bugsquad => bgmilne
The crash occurs when using the nops overlay from contrib (which we do ship) with memberof (a supported overlay). The patch from SUSE is for the memberof overlay, but hasn't been submitted upstream. Since the use of the nops overlay is much less likely than the memberof overlay, I would prefer not to patch the memberof overlay with a patch not reviewed by upstream or well tested (which I personally don't have time for now as I am going away on holiday). I will try and revisit this when I am back (2nd week of Jan).
Ping Buchan.
I would prefer to follow/support upstream here, which would be either:
* drop the nops overlay (quick change, but we would break any users of the nops overlay)
* submit a fix for the nops overlay in https://www.openldap.org/its/index.cgi?findid=8759 (would take a bit longer, but has the better ROI).
The patches other vendors are using seem to be the incorrect fix, and could break other configurations with multiple overlays.
Status: NEW => ASSIGNED
Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO
Depends on: (none) => 25286
Based on the lack of progress by anyone to provide a correct fix, maybe we shouldn't ship the nops overlay?
That sounds reasonable.
openSUSE has issued an advisory for this on September 24: https://lists.opensuse.org/opensuse-updates/2019-09/msg00113.html
Status comment: (none) => Can be fixed by dropping the nops overlay
Depends on: (none) => 26569
openldap-2.4.50-1.1.mga7.src.rpm drops the nops overlay.
CC: (none) => bgmilne
Assignee: bgmilne => bugsquad
Whiteboard: MGA7TOO, MGA6TOO => (none)
Assignee: bugsquad => bgmilne
Version: Cauldron => 7
Status comment: Can be fixed by dropping the nops overlay => (none)
Fixed in: https://advisories.mageia.org/MGASA-2020-0200.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED