Bug 13441 - CVE-2007-5794 Race Condition Security Issue
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/nss_ldap)
: unstable
: all Linux
: P2 normal
: 14135
Reported: 2007-11-16 08:59 by
Modified: 2008-01-24 10:19


Description From 2007-11-16 08:59:33
Race condition in nss_ldap, when used in applications that use pthread and fork
after a call to nss_ldap, does not properly handle the LDAP connection, which
might cause nss_ldap to return the wrong user data to the wrong process. NOTE:
this issue was originally reported for Dovecot with the wrong mailboxes being
returned, but other applications might also be affected.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5794

Solution:
Update to version 259.
------- Comment #1 From 2007-11-24 14:51:39 -------
This should be fixed.
------- Comment #2 From 2007-11-25 20:55:28 -------
I have a professional certification exam this week. If all goes tolerably well, I'll take this on
next week.
------- Comment #3 From 2007-12-06 11:05:33 -------
ping
------- Comment #4 From 2008-01-23 09:14:40 -------
The package was updated, but the bug wasn't closed. Disgraceful.
------- Comment #5 From 2008-01-23 09:15:04 -------
And no mention of the CVE was added to the package changelog.
------- Comment #6 From 2008-01-23 09:15:25 -------
And it wasn't put into the branch or into updates.
------- Comment #7 From 2008-01-24 10:19:50 -------
Well... it is disgraceful, but sometimes one has to cover for colleagues; thank you for doing that :)