Well, considering that Ubuntu openldap maintainers consider e.g. CVE-2013-4449 (denial-of-service, 2.4.31 to 2.4.36 are vulnerable) not important enough to patch or update to a later openldap version, I expect there to be zero chance of this bug to be patched either. It seems that if it does not hurt the maintainers' systems, it's not worth fixing.
The current Ubuntu version I am using right now, 14.04 LTS, is certainly the last Ubuntu version I will be using. I am still evaluating the alternatives, but definitely all Debian jessie derivatives are straight out. I won't be monitoring this bug anymore, either. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-4449 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1103353 Title: Invalid GnuTLS cipher suite strings causes libldap to crash Status in openldap package in Ubuntu: Triaged Status in openldap package in Debian: Fix Released Bug description: If the cipher suite string is unacceptable to GnuTLS, libldap_r-2.4 crashes due to a double free. GnuTLS is extremely picky about the cipher suite strings it accepts; as a first measure, try LDAP cipher suite string "SECURE256" or "NORMAL". If that stops the crash, then you have encountered this bug. Typically, the crash report begins with something like *** glibc detected *** APPLICATION: double free or corruption (!prev) /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7fc68cff0b96] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x38769)[0x7fc68bb13769] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x3570e)[0x7fc68bb1070e] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(ldap_pvt_tls_init_def_ctx+0x1d)[0x7fc68bb108ed] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x35965)[0x7fc68bb10965] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x35a6d)[0x7fc68bb10a6d] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(ldap_int_tls_start+0x5d)[0x7fc68bb1149d] The actual double free happens in openldap/libraries/libldap/tls2.c:ldap_int_tls_init_ctx(), in the ldap_pvt_tls_ctx_free(lo->ldo_tls_ctx); call in the error_exit: path. The root cause of the double free is lack of GnuTLS return value checks when calling gnutls_priority*() functions. The code simply assumes they succeed, and when GnuTLS fails to provide a valid context due to those failures, ldap_int_tls_init_ctx() tries to free the never-fully-initialized context. A simple fix is to create GnuTLS security contexts using the configured cipher suite string, instead of "NORMAL" as openldap/libraries/libldap/tls_g.c now does. If the cipher suite string is invalid, then do not create the context at all. This is caught earlier in ldap_int_tls_init_ctx(), and avoids the crash. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
