Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
fix-saslpath.diff | | | no | | | |
CVE-2017-15135.patch | [PATCH] Ticket bz1525628 - invalid password migration causes unauth bind Bug Description: Slapi_ct_memcmp expects both inputs to be at LEAST size n. If they are not, we only compared UP to n. Invalid migrations of passwords (IE {CRYPT}XX) would create a pw which is just salt and no hash. ct_memcmp would then only verify the salt bits and would allow the authentication. This relies on an administrative mistake both of allowing password migration (nsslapd-allow-hashed-passwords) and then subsequently migrating an INVALID password to the server. Fix Description: slapi_ct_memcmp now access n1, n2 size and will FAIL if they are not the same, but will still compare n bytes, where n is the "longest" memory, to the first byte of the other to prevent length disclosure of the shorter value (generally the mis-migrated password) https://bugzilla.redhat.com/show_bug.cgi?id=1525628 Review by: ??? | wibrown | no | | | 2018-01-18 |
fix-s390x-failure.diff | commit 900e6fdcf152dd696b5ae189cb1d7c67ab143bae Issue 4563 - Failure on s390x: 'Fails to split RDN "o=pki-tomcat-CA" into components' (#4573) Bug description: SLAPI_OPERATION_TYPE is stored/read as an int (slapi_pblock_get/set). This although the storage field is an unsigned long. Calling slapi_pblock_get with a long (8 bytes) destination creates a problem on big-endian (s390x). Fix description: Define destination op_type as an int (4 bytes) relates: https://github.com/389ds/389-ds-base/issues/4563 Reviewed by: Mark Reynolds, William Brown Platforms tested: F31 (little endian), Debian (big endian) diff --git a/ldap/servers/slapd/back-ldbm/ldbm_modify.c b/ldap/servers/slapd/back-ldbm/ldbm_modify.c index a507f3c31..49ca01d1d 100644 | tbordaz <tbordaz@redhat.com> | no | | | 2021-01-28 |
4711-SIGSEV-with-sync_repl-4738.patch | [PATCH] Issue 4711 - SIGSEV with sync_repl (#4738) Bug description: sync_repl sends back entries identified with a unique identifier that is 'nsuniqueid'. If 'nsuniqueid' is missing, then it may crash Fix description: Check a nsuniqueid is available else returns OP_ERR Reviewed by: Pierre Rogier, James Chapman, William Brown (Thanks!) Platforms tested: F33 | tbordaz <tbordaz@redhat.com> | no | | | 2021-04-27 |