ELSA-2018-0515

Опубликовано: 13 мар. 2018

Источник: oracle-oval

Платформа: Oracle Linux 6

Описание

ELSA-2018-0515: 389-ds-base security update (IMPORTANT)

[1.2.11-15-94]

Release 1.2.11.15-94
Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (fix cherry-pick error)

[1.2.11-15-93]

Release 1.2.11.15-93
Resolves: Bug 1544415 - CVE-2017-15135 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c
Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c

[1.2.11-15-92]

Release 1.2.11.15-92
Resolves: Bug 1543798 - EMBARGOED CVE-2018-1054 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

389-ds-base

1.2.11.15-94.el6_9

389-ds-base-devel

1.2.11.15-94.el6_9

389-ds-base-libs

1.2.11.15-94.el6_9

Oracle Linux i686

389-ds-base

1.2.11.15-94.el6_9

389-ds-base-devel

1.2.11.15-94.el6_9

389-ds-base-libs

1.2.11.15-94.el6_9

Связанные CVE

CVE-2018-1054

CVE-2017-15135

Ссылки на источники

Связанные уязвимости

ELSA-2018-0414

oracle-oval

больше 7 лет назад

ELSA-2018-0414: 389-ds-base security and bug fix update (IMPORTANT)

CVE-2018-1054

CVSS3: 7.5

ubuntu

больше 7 лет назад

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.

CVE-2018-1054

CVSS3: 7.5

redhat

больше 7 лет назад

CVE-2018-1054

CVSS3: 7.5

nvd

больше 7 лет назад

CVE-2018-1054

CVSS3: 7.5

debian

больше 7 лет назад

An out-of-bounds memory read flaw was found in the way 389-ds-base han ...