LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

January 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA January 2018

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Important: 389-ds-base on SL7.x x86_64
From:	Pat Riehecky <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Thu, 25 Jan 2018 15:32:19 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (49 lines)

Synopsis:          Important: 389-ds-base security and bug fix update
Advisory ID:       SLSA-2018:0163-1
Issue Date:        2018-01-25
CVE Numbers:       CVE-2017-15134
--

Security Fix(es):

* A stack buffer overflow flaw was found in the way 389-ds-base handled
certain LDAP search filters. A remote, unauthenticated attacker could
potentially use this flaw to make ns-slapd crash via a specially crafted
LDAP request, thus resulting in denial of service. (CVE-2017-15134)

Bug Fix(es):

* Previously, when a connection received a high operation rate, Directory
Server stopped to poll the connection in certain situations. As a
consequence, new requests on the connection were not detected and
processed. With this update, Directory Server correctly decides whether a
connection has to be polled. As a result, connections with a high request
rate no longer remain unprocessed.

* Previously, if Directory Server was stopped during an operation which
created additional changes in the memory changelog, the Replication Update
Vector (RUV) in the changelog was higher than the RUV in the database. As
a consequence, Directory Server recreated the changelog when the server
started. With this update, the server now writes the highest RUV to the
changelog only if there is the highest Change Sequence Number (CSN)
present in it. As a result, the database and the changelog RUV are
consistent and the server does not need recreating the changelog at start
up.

* Due to a bug, using a large number of Class of Service (CoS) templates
in Directory Server increased the virtual attribute processing time. This
update improves the structure of the CoS storage. As a result, using a
large number of CoS templates no longer increases the virtual attribute
processing time.
--

SL7
  x86_64
    389-ds-base-1.3.6.1-26.el7_4.x86_64.rpm
    389-ds-base-debuginfo-1.3.6.1-26.el7_4.x86_64.rpm
    389-ds-base-devel-1.3.6.1-26.el7_4.x86_64.rpm
    389-ds-base-libs-1.3.6.1-26.el7_4.x86_64.rpm
    389-ds-base-snmp-1.3.6.1-26.el7_4.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV