Closed
Opened Nov 22, 2011 by Natanael Copa (@ncopa, Owner)

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier

Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value.

Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4079
http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059

Patch:
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=507238713b71208ec4f262f312cb495a302df9e9

Affects Alpine Linux v2.1 (openldap-2.4.24-r0)

(from redmine: issue id 836, created on 2011-11-22, closed on 2012-01-05)

  • Relations:
    • relates #835 (closed)
  • Changesets:
    • Revision 4beef45c by Natanael Copa on 2011-11-22T07:18:45Z:
main/openldap: security fix (CVE-2011-4079)

fixes #836
Milestone: Alpine 2.1.7 (Past due)
Reference: alpine/aports#836