CVE-2012-1164

slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
openldap	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not affected
	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 2.4.28-1.1ubuntu4.5
	11.10 oneiric	Ignored end of life
	11.04 natty	Ignored end of life
	10.10 maverick	Ignored end of life
	10.04 LTS lucid	Ignored end of life
	8.04 LTS hardy	Not in release

Notes

jdstrand

Per Debian bug report, you have to be using slapo-translucent and slapo-rwm, so downgrading to 'low'

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
openldap	Other: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae Other: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 Other: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0

References

Related Ubuntu Security Notices (USN)

USN-2622-1
OpenLDAP vulnerabilities
26 May 2015

Status

Notes

Patch details

References

Related Ubuntu Security Notices (USN)

Other references