Subject: | |
From: | |
Reply To: | |
Date: | Tue, 11 Apr 2017 18:47:22 -0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: SLSA-2017:0893-1
Issue Date: 2017-04-11
CVE Numbers: CVE-2017-2668
--
Security Fix(es):
* An invalid pointer dereference flaw was found in the way 389-ds-base
handled LDAP bind requests. A remote unauthenticated attacker could use
this flaw to make ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)
Bug Fix(es):
* Previously, the "deref" plug-in failed to dereference attributes that
use distinguished name (DN) syntax, such as "uniqueMember". With this
patch, the "deref" plug-in can dereference such attributes and
additionally "Name and Optional UID" syntax. As a result, the "deref"
plug-in now supports any syntax.
--
SL6
x86_64
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm
i386
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
- Scientific Linux Development Team
|
|
|