Ubuntu has issued an advisory on July 3: https://ubuntu.com/security/notices/USN-6197-1 The issue is fixed upstream in 2.6.4. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.6.4
Whiteboard: (none) => MGA8TOO
Assigning to Buchan, principal packager for this thing.
Assignee: bugsquad => bgmilne
> The issue is fixed upstream in 2.6.4.
And in 2.5.14, which is present in Cauldron.
> Mageia 8 is also affected.
I will address only that issue here, shortly.
Status comment: Fixed upstream in 2.6.4 => Fixed upstream in 2.6.4 and 2.5.14
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)
Source RPM: openldap-2.5.14-1.mga9.src.rpm => openldap-2.4.57-1.2.mga8.src.rpm
openldap-2.4.57-1.3.mga8 is currently building in the build system, the resulting packages (for x86_64) are:
lib64ldap2.4_2-2.4.57-1.3.mga8.x86_64.rpm
lib64ldap2.4_2-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
lib64ldap2.4_2-devel-2.4.57-1.3.mga8.x86_64.rpm
lib64ldap2.4_2-static-devel-2.4.57-1.3.mga8.x86_64.rpm
openldap-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_bdb-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_bdb-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_mdb-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_mdb-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_sql-2.4.57-1.3.mga8.x86_64.rpm
openldap-back_sql-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-clients-2.4.57-1.3.mga8.x86_64.rpm
openldap-clients-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-debugsource-2.4.57-1.3.mga8.x86_64.rpm
openldap-doc-2.4.57-1.3.mga8.x86_64.rpm
openldap-servers-2.4.57-1.3.mga8.x86_64.rpm
openldap-servers-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-servers-devel-2.4.57-1.3.mga8.x86_64.rpm
openldap-testprogs-2.4.57-1.3.mga8.x86_64.rpm
openldap-testprogs-debuginfo-2.4.57-1.3.mga8.x86_64.rpm
openldap-tests-2.4.57-1.3.mga8.x86_64.rpm

Apologies for the delay in this update.
Status: NEW => ASSIGNED
CC: (none) => bgmilne
Assignee: bgmilne => qa-bugs
Status comment: Fixed upstream in 2.6.4 and 2.5.14 => (none)
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 28300 for testing:
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
     Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
     Active: inactive (dead)
# systemctl start slapd
# systemctl -l status slapd
● slapd.service - OpenLDAP Server Daemon
     Loaded: loaded (/usr/lib/systemd/system/slapd.service; disabled; vendor preset: disabled)
     Active: active (running) since Sun 2023-08-27 11:00:33 CEST; 2s ago
    Process: 36819 ExecStartPre=/usr/share/openldap/scripts/ldap-config check (code=exited, status=0/SUCCESS)
    Process: 37089 ExecStart=/usr/sbin/slapd -u ${LDAP_USER} -g ${LDAP_GROUP} -h ${SLAPDURLLIST} -l ${SLAPDSYSLOGLOCA>
   Main PID: 37108 (slapd)
      Tasks: 3 (limit: 4364)
     Memory: 3.4M
        CPU: 282ms
     CGroup: /system.slice/slapd.service
             └─37108 /usr/sbin/slapd -u ldap -g ldap -h ldap:/// ldapi:/// -l local4 -s 0

Aug 27 11:00:31 mach7.hviaene.thuis systemd[1]: Starting OpenLDAP Server Daemon...
Aug 27 11:00:31 mach7.hviaene.thuis su[36835]: (to ldap) root on none
Aug 27 11:00:32 mach7.hviaene.thuis ldap-config[36819]: Checking config file /etc/openldap/slapd.conf: [  OK  ]
Aug 27 11:00:33 mach7.hviaene.thuis systemd[1]: Started OpenLDAP Server Daemon.

Continuing ......
CC: (none) => herman.viaene
As normal user:
$ ldapsearch -x -b '' -s base supportedFeatures
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedFeatures
#

#
dn:
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

$ make -C /usr/share/openldap/tests test
make: Entering directory '/usr/share/openldap/tests'
make[1]: Entering directory '/usr/share/openldap/tests'
Initiating LDAP tests for BDB...
Cleaning up test run directory leftover from previous run.
Running ./scripts/all for bdb...
>>>>> Executing all LDAP tests for bdb
>>>>> Starting test000-rootdse for bdb...
running defines.sh
Starting slapd on TCP/IP port 9011...
Using ldapsearch to retrieve the root DSE...
Using ldapsearch to retrieve the cn=Subschema...
Using ldapsearch to retrieve the cn=Monitor...
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: o=OpenLDAP Project,l=Internet
monitorContext: cn=Monitor
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: GSSAPI
vendorName: The OpenLDAP Project <http://www.openldap.org/>
entryDN:
subschemaSubentry: cn=Subschema

dn: cn=Subschema
objectClass: top
objectClass: subentry
objectClass: subschema
objectClass: extensibleObject
cn: Subschema

dn: cn=Monitor
objectClass: monitorServer
cn: Monitor
description: This subtree contains monitoring/managing objects.
description: This object contains information about this server.
description: Most of the information is held in operational attributes, which must be explicitly requested.
monitoredInfo: OpenLDAP: slapd 2.4.57 (Aug 13 2023 17:10:21)

and a load more ......

At the end:
Test succeeded
>>>>> test065-proxyauthz completed OK for mdb.
0 tests for mdb were skipped.
make[1]: Leaving directory '/usr/share/openldap/tests'
make: Leaving directory '/usr/share/openldap/tests'

Good enough as in previous update.
Whiteboard: (none) => MGA8-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Advisory committed to svn as
$ cat 32073.adv
type: security
subject: Updated openldap packages fix security vulnerability
CVE:
 - CVE-2023-2953
src:
  8:
   core:
     - openldap-2.4.57-1.3.mga8
description: |
  Null pointer dereference in ber_memalloc_x() function (CVE-2023-2953)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=32073
 - https://ubuntu.com/security/notices/USN-6197-1
CC: (none) => davidwhodgins
Keywords: (none) => advisory
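As an added example, not part of this bug thread or of the Mageia packaging, the following Python decides whether an installed openldap package (given as an NVR string, e.g. the output of `rpm -q openldap`) carries the CVE-2023-2953 fix named in the advisory above: the 2.4.57-1.3.mga8 backport on Mageia 8, or upstream 2.5.14 / 2.6.4 elsewhere. The segment-wise version comparison is a simplified re-implementation of rpm's ordering (no epoch or tilde handling) and the function names are my own.

```python
import re

# Fixed versions as stated in the thread and the advisory (assumption: this
# list is complete for the branches the thread mentions).
MGA8_FIXED = ("2.4.57", "1.3.mga8")          # Mageia 8 backport
UPSTREAM_FIXED = {"2.5": "2.5.14", "2.6": "2.6.4"}

def _segments(s):
    """Split a version/release string into numeric and alphabetic runs, as rpm does."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def vercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare as integers, alphabetic ones
    as strings, a numeric segment sorts after an alphabetic one; returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit():
            return 1
        if y.isdigit():
            return -1
        return (x > y) - (x < y)
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'openldap-servers-2.4.57-1.3.mga8' into (name, version, release)."""
    m = re.fullmatch(r"(.+)-([^-]+)-([^-]+)", nvr)
    if not m:
        raise ValueError(f"not a name-version-release string: {nvr}")
    return m.group(1), m.group(2), m.group(3)

def is_fixed_cve_2023_2953(nvr):
    """True if this openldap build is at or above the fixed version for its branch."""
    _name, version, release = parse_nvr(nvr)
    if release.endswith(".mga8"):
        # Mageia 8 keeps 2.4.57 and carries the fix in release 1.3.mga8 and later.
        fixed_ver, fixed_rel = MGA8_FIXED
        c = vercmp(version, fixed_ver)
        return c > 0 or (c == 0 and vercmp(release, fixed_rel) >= 0)
    branch = ".".join(version.split(".")[:2])
    fixed = UPSTREAM_FIXED.get(branch)
    if fixed is None:
        # A branch the thread does not cover (e.g. unpatched 2.4.x): treat as unfixed.
        return False
    return vercmp(version, fixed) >= 0
```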
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0252.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED