Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-3401

Опубликовано: 14 нояб. 2019
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2019-3401: 389-ds:1.4 security, bug fix, and enhancement update (IMPORTANT)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module 389-ds:1.4 is enabled

389-ds-base

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-devel

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-legacy-tools

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-libs

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-snmp

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

python3-lib389

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

Oracle Linux x86_64

Module 389-ds:1.4 is enabled

389-ds-base

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-devel

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-legacy-tools

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-libs

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

389-ds-base-snmp

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

python3-lib389

1.4.1.3-7.module+el8.1.0+5386+aef60ae7

Связанные CVE

CVE-2019-3883
CVE-2019-14824
CVE-2019-10224
CVE-2018-10871

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2019-3883

CVSS3: 7.5
ubuntu
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

redhat логотип

CVE-2019-3883

CVSS3: 5.3
redhat
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

nvd логотип

CVE-2019-3883

CVSS3: 7.5
nvd
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most 'ioblocktimeout' seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.

debian логотип

CVE-2019-3883

CVSS3: 7.5
debian
почти 7 лет назад

In 389-ds-base up to version 1.4.1.2, requests are handled by workers ...

suse-cvrf логотип

SUSE-SU-2019:2155-1

suse-cvrf
больше 6 лет назад

Security update for 389-ds