Bug 1190644 (CVE-2015-1546)
| Summary: | CVE-2015-1546 openldap: slapd crash in valueReturnFilter cleanup | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cdewolf, dandread, darran.lofthouse, ebenes, fnasser, grocha, huwang, jason.greene, jawilson, jsynacek, jv+fedora, lgao, myarboro, pgier, phracek, pslavice, rmeggins, rsvoboda, scorneli, slawomir, vtunka |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-06-19 12:52:08 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1190646 | ||
| Bug Blocks: | 1190647 | ||
|
Description
Vasyl Kaigorodov
2015-02-09 10:41:42 UTC
Created openldap tracking bugs for this issue: Affects: fedora-all [bug 1190646] Statement: Although we do ship the vulnerable function, the attack vector demonstrated in the original report does not apply to us, as we've never backported the patch that introduces this particular attack vector. We're currently unaware of an attack vector that applies to us. Red Hat Product Security has rated this issue as having a security impact of Moderate. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. |