CrOS: Vulnerability reported in net-nds/openldap
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: net-nds/openldap
Package Version: [cpe:/a:openldap:openldap:2.4.44]

Advisory: CVE-2017-9287
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-9287
CVSS severity score: 4/10.0
Confidence: high
Description: servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
Jun 13 2017
jorgelo, could you help triage pretty-please?
Jun 13 2017
Sorry - I didn't see this. I'll take a look at an upgrade tomorrow. However, we aren't affected, because we don't run slapd, and I'm 99% sure I masked out all the binaries from this package last time.
https://chromium-review.googlesource.com/c/431568/
Jun 14 2017
Ok, thanks! I'm going to mark this as Security_Impact-None then.
Jun 14 2017
Thanks Emily for flagging and Zentaro for triaging.
Jun 14 2017
Impact-None but let's still try to fix by 61.
Sep 4
Closing old bug. We don't run the server code and all the LDAP binaries are masked out from the image.
Sep 5
Dec 12
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by lgar...@chromium.org, Jun 10 2017
Status: Assigned (was: Untriaged)