openSUSE-SU-2017:3362-1

Published: 18 Dec 2017
Source: suse-cvrf

Description

Security update for 389-ds

This update for 389-ds fixes the following issues:

  • CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997)
  • CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256)
  • CVE-2016-5405: 389-ds: Password verification vulnerable to timing attack (bsc#1007004)
  • CVE-2017-2591: 389-ds-base: Heap buffer overflow in uiduniq.c (bsc#1020670)
  • CVE-2017-2668: 389-ds: Remote crash via crafted LDAP messages (bsc#1069067)
  • CVE-2016-0741: 389-ds: worker threads do not detect abnormally closed connections causing DoS (bsc#1069074)

Package list

openSUSE Leap 42.2
389-ds-1.3.4.5-8.1
389-ds-devel-1.3.4.5-8.1
openSUSE Leap 42.3
389-ds-1.3.4.5-8.1
389-ds-devel-1.3.4.5-8.1

Description

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.


Affected products
openSUSE Leap 42.2:389-ds-1.3.4.5-8.1
openSUSE Leap 42.2:389-ds-devel-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-devel-1.3.4.5-8.1

Description

389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.


Affected products
openSUSE Leap 42.2:389-ds-1.3.4.5-8.1
openSUSE Leap 42.2:389-ds-devel-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-devel-1.3.4.5-8.1

Description

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an invalid pointer dereference in the way LDAP bind requests are handled. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service.


Affected products
openSUSE Leap 42.2:389-ds-1.3.4.5-8.1
openSUSE Leap 42.2:389-ds-devel-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-devel-1.3.4.5-8.1

Description

389-ds-base versions before 1.3.5.19 and 1.3.6.7 are vulnerable to password brute-force attacks during account lockout due to different return codes returned on password attempts.


Affected products
openSUSE Leap 42.2:389-ds-1.3.4.5-8.1
openSUSE Leap 42.2:389-ds-devel-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-1.3.4.5-8.1
openSUSE Leap 42.3:389-ds-devel-1.3.4.5-8.1
