Bug 26569 - openldap new security issue CVE-2020-12243
Summary: openldap new security issue CVE-2020-12243
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 24076
Reported: 2020-04-30 19:31 CEST by David Walser
Modified: 2020-05-05 14:22 CEST

See Also:
Source RPM: openldap-2.4.47-3.1.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2020-04-30 19:31:02 CEST
Debian has issued an advisory on April 28:
https://www.debian.org/security/2020/dsa-4666

The issue is fixed upstream in 2.4.50.
David Walser 2020-04-30 19:31:24 CEST

Blocks: (none) => 24076
Status comment: (none) => Fixed upstream in 2.4.50

Comment 2 David Walser 2020-05-01 17:40:03 CEST
Sounds reasonable.  Don't forget to address Bug 24076.
Comment 3 Buchan Milne 2020-05-02 10:33:14 CEST
openldap-2.4.50-1.1.mga7.src.rpm submitted to updates_testing for MGA7, after some local testing.

All tests from openldap-tests also passed running locally.

CC: (none) => bgmilne
Assignee: bgmilne => bugsquad

Comment 4 David Walser 2020-05-02 17:40:54 CEST
Advisory:
========================

Updated openldap packages fix security vulnerabilities:

When both the nops module and the memberof overlay are enabled, attempts to
free a buffer that was allocated on the stack, which allows remote attackers to
cause a denial of service (slapd crash) via a member MODDN operation
(CVE-2017-17740).

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested
boolean expressions can result in denial of service (daemon crash)
(CVE-2020-12243).

The nops overlay has been dropped from the package, fixing CVE-2017-17740.

The openldap package has been updated to version 2.4.50, fixing CVE-2020-12243
and several other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12243
https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/NQ6OHLWNVRKIJU3HI5YGGAZL54H2RB73/
https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/VMMBUCQHEDF6QA4CDOONP2CDQEOR5YQA/
https://lists.openldap.org/hyperkitty/list/openldap-announce@openldap.org/thread/FUOYA6YCHBXMLANBJMSO22JD2NB22WGC/
https://lists.opensuse.org/opensuse-updates/2019-09/msg00113.html
https://www.debian.org/security/2020/dsa-4666
========================

Updated packages in core/updates_testing:
========================
openldap-2.4.50-1.1.mga7
openldap-servers-2.4.50-1.1.mga7
openldap-servers-devel-2.4.50-1.1.mga7
openldap-clients-2.4.50-1.1.mga7
libldap2.4_2-2.4.50-1.1.mga7
libldap2.4_2-devel-2.4.50-1.1.mga7
libldap2.4_2-static-devel-2.4.50-1.1.mga7
openldap-back_sql-2.4.50-1.1.mga7
openldap-back_bdb-2.4.50-1.1.mga7
openldap-back_mdb-2.4.50-1.1.mga7
openldap-doc-2.4.50-1.1.mga7
openldap-tests-2.4.50-1.1.mga7
openldap-testprogs-2.4.50-1.1.mga7

from openldap-2.4.50-1.1.mga7.src.rpm

Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 2.4.50 => (none)
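
Added example, not part of the bug report and not OpenLDAP's code or the upstream fix: a pre-validation check that an application forwarding user-supplied search filters to slapd could apply against the nested boolean expressions named in the CVE-2020-12243 text above. The function names and both limits are assumptions chosen for illustration, and the sample filters in the comments are constructed.

```python
# Application-side guard for LDAP search filters (RFC 4515 string form).
# Assumed policy values; neither comes from OpenLDAP or from this bug report.
MAX_BOOLEAN_DEPTH = 8
MAX_FILTER_LENGTH = 4096


class FilterRejected(ValueError):
    """Raised when a filter is malformed or exceeds the local policy."""


def boolean_depth(filt):
    """Return the deepest nesting of &, | and ! expressions in a filter.

    RFC 4515 requires literal parentheses inside assertion values to be
    written as \\28 and \\29, so every raw '(' or ')' is structural.
    The scan is iterative, so the guard itself cannot exhaust the stack.
    """
    stack = []              # one flag per open '(': True if it opens &, | or !
    current = deepest = 0
    for pos, ch in enumerate(filt):
        if ch == "(":
            is_bool = filt[pos + 1:pos + 2] in ("&", "|", "!")
            stack.append(is_bool)
            current += is_bool
            deepest = max(deepest, current)
        elif ch == ")":
            if not stack:
                raise FilterRejected(f"unbalanced ')' at offset {pos}")
            current -= stack.pop()
    if stack:
        raise FilterRejected("unbalanced '(' in filter")
    return deepest


def check_filter(filt, max_depth=MAX_BOOLEAN_DEPTH):
    """Return the filter unchanged if it passes policy, else raise."""
    if len(filt) > MAX_FILTER_LENGTH:
        raise FilterRejected("filter longer than MAX_FILTER_LENGTH")
    depth = boolean_depth(filt)
    if depth > max_depth:
        raise FilterRejected(f"boolean nesting {depth} exceeds limit {max_depth}")
    return filt


# Constructed samples:
#   (&(objectClass=person)(|(uid=alice)(mail=alice@example.org)))  -> depth 2
#   (cn=Smith \28Jr\29)                                            -> depth 0
```

A guard like this only narrows what one application passes on; the update to 2.4.50 listed in the advisory is still what fixes slapd itself.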

Comment 5 David Walser 2020-05-02 17:41:21 CEST
Addendum to references:
https://bugs.mageia.org/show_bug.cgi?id=24076
https://bugs.mageia.org/show_bug.cgi?id=26569
Comment 6 Herman Viaene 2020-05-04 14:46:07 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 25286 Comment 5 and 6 for testing.
At CLI:
# systemctl  start slapd
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
   Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-05-04 13:48:05 CEST; 17s ago
  Process: 14744 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS)
  Process: 14782 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCALUSER} >
 Main PID: 14783 (slapd)
    Tasks: 3 (limit: 4915)
   Memory: 4.3M
   CGroup: /system.slice/slapd.service
           └─14783 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0

May 04 13:48:04 mach5.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon...
May 04 13:48:04 mach5.hviaene.thuis su[14752]: (to ldap) root on none
May 04 13:48:05 mach5.hviaene.thuis su[14752]: pam_unix(su:session): session opened for user ldap by (uid=0)
May 04 13:48:05 mach5.hviaene.thuis su[14752]: pam_unix(su:session): session closed for user ldap
May 04 13:48:05 mach5.hviaene.thuis ldap-config[14744]: Checking config file /etc/openldap/slapd.conf: [  OK  ]
May 04 13:48:05 mach5.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon.

$ ldapsearch -x -b '' -s base supportedControl   
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedControl 
#

#
dn:
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

$ ldapsearch -x -b '' -s base supportedFeatures
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedFeatures 
#

#
dn:
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

$ ldapsearch -x -b '' -s base supportedExtension
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedExtension 
#

#
dn:
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

$ make -C /usr/share/openldap/tests test
runs for more than 30 min., no errors noticed
OK for me

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 7 Thomas Andrews 2020-05-05 01:09:38 CEST
Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 8 David Walser 2020-05-05 01:30:29 CEST
And Comment 5.
Thomas Backlund 2020-05-05 12:19:45 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 9 Mageia Robot 2020-05-05 14:22:57 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0200.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

