 
| Content-Type: |
text/plain; charset="utf-8" |
| Date: |
Tue, 11 Apr 2017 18:47:22 -0000 |
| Reply-To: |
|
| Subject: |
|
| MIME-Version: |
1.0 |
| Message-ID: |
|
| Content-Transfer-Encoding: |
7bit |
| Sender: |
|
| From: |
|
| Parts/Attachments: |
|
|
Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: SLSA-2017:0893-1
Issue Date: 2017-04-11
CVE Numbers: CVE-2017-2668
--
Security Fix(es):
* An invalid pointer dereference flaw was found in the way 389-ds-base
handled LDAP bind requests. A remote unauthenticated attacker could use
this flaw to make ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)
Bug Fix(es):
* Previously, the "deref" plug-in failed to dereference attributes that
use distinguished name (DN) syntax, such as "uniqueMember". With this
patch, the "deref" plug-in can dereference such attributes and
additionally "Name and Optional UID" syntax. As a result, the "deref"
plug-in now supports any syntax.
--
SL6
x86_64
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm
i386
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
- Scientific Linux Development Team
|
|
|
