ELSA-2018-1380

Опубликовано: 14 мая 2018

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2018-1380: 389-ds-base security and bug fix update (IMPORTANT)

[1.3.7.5-21]

Bump version to 1.3.7.5-21
Resolves: Bug 1559818 - EMBARGOED CVE-2018-1089 389-ds-base: ns-slapd crash via large filter value in ldapsearch

[1.3.7.5-20]

Bump version to 1.3.7.5-20
Resolves: Bug 1563079 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
Resolves: Bug 1559764 - memberof fails if group is moved into scope
Resolves: Bug 1554720 - 'Truncated search results' pop-up appears in user details in WebUI
Resolves: Bug 1553605 - ipa-server-install fails with Error: Upgrade failed with no such entry
Resolves: Bug 1559760 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line
Resolves: Bug 1559464 - replica_write_ruv log a failure even when it succeeds

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

389-ds-base

1.3.7.5-21.el7_5

389-ds-base-devel

1.3.7.5-21.el7_5

389-ds-base-libs

1.3.7.5-21.el7_5

389-ds-base-snmp

1.3.7.5-21.el7_5

Oracle Linux x86_64

389-ds-base

1.3.7.5-21.el7_5

389-ds-base-devel

1.3.7.5-21.el7_5

389-ds-base-libs

1.3.7.5-21.el7_5

389-ds-base-snmp

1.3.7.5-21.el7_5

Связанные CVE

CVE-2018-1089

Ссылки на источники

Связанные уязвимости

CVE-2018-1089

CVSS3: 7.5

ubuntu

больше 7 лет назад

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.