Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2015-0728

Опубликовано: 26 мар. 2015
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2015-0728: ipa and slapi-nis security and bug fix update (MODERATE)

ipa [4.1.0-18.0.1.el7_1.3]

  • Replace login-screen-logo.png [20362818]
  • Drop subscription-manager requires for OL7
  • Drop redhat-access-plugin-ipa requires for OL7
  • Blank out header-logo.png product-name.png

[4.1.0-18.3]

  • [ipa-python] ipalib.errors.LDAPError: failed to decode certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments. (#1194312)

[4.1.0-18.2]

  • IPA extdom plugin fails when encountering large groups (#1193759)
  • CVE-2015-0283 ipa: slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() (#1202997)

[4.1.0-18.1]

  • 'an internal error has occurred' during ipa host-del --updatedns (#1198431)
  • Renamed patch 1013 to 0114, as it was merged upstream
  • Fax number not displayed for user-show when kinit'ed as normal user. (#1198430)
  • Replication agreement with replica not disabled when ipa-restore done without IPA installed (#1199060)
  • Limit deadlocks between DS plugin DNA and slapi-nis (#1199128)

slapi-nis [0.54-3]

  • Fix CVE-2015-0283
  • Resolves: #1202995

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

ipa-admintools

4.1.0-18.0.1.el7_1.3

ipa-client

4.1.0-18.0.1.el7_1.3

ipa-python

4.1.0-18.0.1.el7_1.3

ipa-server

4.1.0-18.0.1.el7_1.3

ipa-server-trust-ad

4.1.0-18.0.1.el7_1.3

slapi-nis

0.54-3.el7_1

Связанные CVE

CVE-2015-0283
CVE-2015-1827

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2015-1827

ubuntu
больше 10 лет назад

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

redhat логотип

CVE-2015-1827

redhat
больше 10 лет назад

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

nvd логотип

CVE-2015-1827

nvd
больше 10 лет назад

The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user that belongs to a large number of groups.

debian логотип

CVE-2015-1827

debian
больше 10 лет назад

The get_user_grouplist function in the extdom plug-in in FreeIPA befor ...

ubuntu логотип

CVE-2015-0283

ubuntu
больше 10 лет назад

The slapi-nis plug-in before 0.54.2 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request for a (1) group with a large number of members or (2) user that belongs to a large number of groups.