Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: SLSA-2018:0414-1
Issue Date: 2018-03-06
CVE Numbers: CVE-2017-15135
CVE-2018-1054
--
Security Fix(es):
* 389-ds-base: remote Denial of Service (DoS) via search filters in
SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)
* 389-ds-base: Authentication bypass due to lack of size check in
slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)
Bug Fix(es):
* Previously, if an administrator configured an index for an attribute
with a specific matching rule in the "nsMatchingRule" parameter, Directory
Server did not use the retrieved indexer. As a consequence, Directory
Server did not index the values of this attribute with the specified
matching rules, and searches with extended filters were unindexed. With
this update, Directory Server uses the retrieved indexer that processes
the specified matching rule. As a result, searches using extended filterswith a specified matching rule are now indexed.
--
SL7
x86_64
389-ds-base-1.3.6.1-28.el7_4.x86_64.rpm
389-ds-base-debuginfo-1.3.6.1-28.el7_4.x86_64.rpm
389-ds-base-devel-1.3.6.1-28.el7_4.x86_64.rpm
389-ds-base-libs-1.3.6.1-28.el7_4.x86_64.rpm
389-ds-base-snmp-1.3.6.1-28.el7_4.x86_64.rpm
- Scientific Linux Development Team
SciLinux: SLSA-2018-0414-1 Important: 389-ds-base on SL7.x x86_64
389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054) * 389-ds-base: Authentication bypass due to lack of size ch...
Summary
Important: 389-ds-base security and bug fix update
Security Fixes
* 389-ds-base: remote Denial of Service (DoS) via search filters in
SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)
* 389-ds-base: Authentication bypass due to lack of size check in
slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)
Severity
Advisory ID: SLSA-2018:0414-1
Issued Date: : 2018-03-06
CVE Numbers: CVE-2017-15135
CVE-2018-1054
News
HOWTOs
Features
About Us
Powered By
