Package: openldap
Version: 2.4.42+dfsg-2

The code in file libraries/libldap/tls_g.c, which contains the interface to GnuTLS, suffers from a bug that causes the configuration variable tls_reqcert to be read from previously freed memory, so it takes on random values or causes a segfault. This has been observed in slapd during syncrepl connection retries, but it may also happen in other circumstances. Depending on the configuration, this can lead to TLS handshake failures, a silent omission of certificate verification (a security issue) or slapd crashing unexpectedly.

This bug cannot be worked around by configuration changes. To avoid it, the openldap package must be recompiled either with a patch or with OpenSSL support (in which case the problematic code path is avoided).
Known affected versions are 2.4.41 to 2.4.44, but it is likely that earlier versions also contain this bug.

The bug has been reported to the OpenLDAP project and fixed in their git master:
OpenLDAP commit: 283f3ae1713df449cc170965b311b19157f7b7ea
Link: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=283f3ae1713df449cc170965b311b19157f7b7ea

More details are available on the OpenLDAP bug tracker at: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8385

Related Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557248

Thank you
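The following C program is an added illustration of the bug class this report describes (a verification setting read through a pointer into memory that a connection retry has already released); it is not code from OpenLDAP, from the referenced commit, or from this report. All names (struct tls_config, REQCERT_*, the conn_* structs) are hypothetical, and the release is simulated by poisoning the object instead of calling free(), so that the stale read is deterministic rather than undefined behaviour. It shows the buggy pattern, the fix of copying the setting into the connection while the config is alive, and a fail-closed interpretation of out-of-range values as defence in depth.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative certificate-verification policy values. Hypothetical names
 * for this example, not OpenLDAP's own constants. */
enum reqcert {
    REQCERT_NEVER  = 0,   /* peer certificate is not verified */
    REQCERT_ALLOW  = 1,
    REQCERT_TRY    = 2,
    REQCERT_DEMAND = 3    /* verification required (strictest) */
};

/* Pattern a quarantining allocator (or ASan) leaves in released memory; it
 * stands in for the "random values" a stale read picks up. */
#define FREED_POISON 0x5A5A5A5A

/* Hypothetical TLS configuration object shared by connections. */
struct tls_config {
    int reqcert;
};

/* Buggy pattern: the connection keeps a raw pointer into the shared config. */
struct conn_unsafe {
    struct tls_config *cfg;
};

/* Fixed pattern: the connection copies the policy it needs at TLS setup. */
struct conn_safe {
    int reqcert;
};

static struct tls_config *config_new(int reqcert)
{
    struct tls_config *c = calloc(1, sizeof *c);
    if (c == NULL)
        abort();
    c->reqcert = reqcert;
    return c;
}

/* Simulated release: the storage is poisoned but deliberately not free()d so
 * the stale read below is deterministic. In the real bug the memory is
 * genuinely freed and may already be reused for something else. */
static void config_release_simulated(struct tls_config *c)
{
    c->reqcert = FREED_POISON;
}

/* Buggy sequence: a retry rebuilds the TLS config and releases the old one,
 * but the connection still dereferences its old pointer. */
int reqcert_seen_by_unsafe_conn(void)
{
    struct tls_config *old_cfg = config_new(REQCERT_DEMAND);
    struct conn_unsafe conn = { old_cfg };

    config_release_simulated(old_cfg);                  /* retry path */
    struct tls_config *new_cfg = config_new(REQCERT_DEMAND);

    int seen = conn.cfg->reqcert;                       /* stale pointer read */

    free(old_cfg);
    free(new_cfg);
    return seen;
}

/* Fixed sequence: reqcert is snapshotted while the config is alive, so a
 * later reload or release cannot change what the connection verifies against. */
int reqcert_seen_by_safe_conn(void)
{
    struct tls_config *old_cfg = config_new(REQCERT_DEMAND);
    struct conn_safe conn = { old_cfg->reqcert };       /* copy, no pointer */

    config_release_simulated(old_cfg);
    struct tls_config *new_cfg = config_new(REQCERT_DEMAND);

    int seen = conn.reqcert;

    free(old_cfg);
    free(new_cfg);
    return seen;
}

/* Defence in depth: a value outside the known range is treated as the
 * strictest policy, so corrupted state fails closed rather than silently
 * skipping verification. This does not repair the stale read; it only limits
 * the damage when the garbage is not itself a valid policy value. */
int effective_reqcert(int raw)
{
    switch (raw) {
    case REQCERT_NEVER:
    case REQCERT_ALLOW:
    case REQCERT_TRY:
    case REQCERT_DEMAND:
        return raw;
    default:
        return REQCERT_DEMAND;
    }
}

int main(void)
{
    printf("unsafe connection sees reqcert=0x%x\n", (unsigned)reqcert_seen_by_unsafe_conn());
    printf("safe connection sees reqcert=%d\n", reqcert_seen_by_safe_conn());
    printf("effective policy for poisoned value: %d\n", effective_reqcert(FREED_POISON));
    return 0;
}
```

The unsafe connection reports the poison pattern where it expected a policy, which is exactly why the real bug can manifest as anything from a handshake failure to a crash to an accidentally permissive setting; the safe connection still sees REQCERT_DEMAND. Building a real test of this kind with AddressSanitizer (-fsanitize=address) and a genuine free() is the practical way to catch the stale read in a code base, since ASan's quarantine reports the use-after-free instead of returning garbage.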