
Re: About Buffer Overflows

--On Tuesday, February 22, 2005 10:11 AM +0900 ZhangPu <zhang@fjh.fujitsu.com> wrote:

>> I would note that OL 2.1.19 is quite old at this point
>> (and the OL 2.1 line is deprecated).
> So does it mean the OL 2.1 line is unsafe regarding the buffer overflow problem?
> If I use 2.1.19, a buffer overflow may occur somewhere which has
> not been detected (or you didn't know clearly)?

Given how very old the security alert you asked about is, I would seriously doubt any such issue exists in OpenLDAP 2.1 or 2.2, or there would exist a similar alert for those releases.

> Also, you cannot assure that there isn't a buffer overflow problem
> in the releases from 2.2.0 to 2.2.22? But currently, the safer release
> is OL 2.2.23 or later.

There was a different issue present in OL 2.1 & 2.2 releases prior to OpenLDAP 2.2.23. If you want the latest release that has the fewest known bugs/issues, then use OpenLDAP 2.2.23.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin