Synopsis: Important: 389-ds-base security and bug fix update Advisory ID: SLSA-2017:0893-1 Issue Date: 2017-04-11 CVE Numbers: CVE-2017-2668 -- Security Fix(es): * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668) Bug Fix(es): * Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax. -- SL6 x86_64 389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm i386 389-ds-base-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm - Scientific Linux Development Team