Description
ELSA-2019-1896: 389-ds-base security and bug fix update (MODERATE)
[1.3.8.4-25.1]
- Bump version to 1.3.8.4-25.1
- Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character (missing patch file)
[1.3.8.4-25]
- Bump version to 1.3.8.4-25
- Resolves: Bug 1722828 - referint update should discard any changes if mep update fails
- Resolves: Bug 1718689 - dse.ldif strip-off string after 1023 character
- Resolves: Bug 1719720 - CVE-2019-3883 389-ds-base: DoS via hanging secured connections
[1.3.8.4-24]
- Bump version to 1.3.8.4-24
- Resolves: Bug 1718184 - segfault when using pam passthru and addn plugins together
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- 389-ds-base 1.3.8.4-25.1.el7_6
- 389-ds-base-devel 1.3.8.4-25.1.el7_6
- 389-ds-base-libs 1.3.8.4-25.1.el7_6
- 389-ds-base-snmp 1.3.8.4-25.1.el7_6
Oracle Linux x86_64
- 389-ds-base 1.3.8.4-25.1.el7_6
- 389-ds-base-devel 1.3.8.4-25.1.el7_6
- 389-ds-base-libs 1.3.8.4-25.1.el7_6
- 389-ds-base-snmp 1.3.8.4-25.1.el7_6
Related CVEs
Related vulnerabilities
In 389-ds-base up to version 1.4.1.2, requests are handled by worker threads. A worker waits on each socket for at most 'ioblocktimeout' seconds. However, this timeout applies only to unencrypted requests. Connections using SSL/TLS do not take this timeout into account during reads and may hang longer. An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.