Synopsis:    Low: 389-ds-base security, bug fix, and enhancement update
Issue Date:  2012-06-20
CVE Numbers: CVE-2012-0833


The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

These updated 389-ds-base packages also include numerous bug fixes and
enhancements.

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements. After installing this
update, the 389 server service will be restarted automatically.

SL6:
  i386
     389-ds-base-1.2.10.2-15.el6.i686.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
     389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
     389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
  x86_64
     389-ds-base-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
     389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
     389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm

- Scientific Linux Development Team