Synopsis:          Important: 389-ds-base security and bug fix update
Advisory ID:       SLSA-2018:0414-1
Issue Date:        2018-03-06
CVE Numbers:       CVE-2017-15135
                   CVE-2018-1054
--

Security Fix(es):

* 389-ds-base: remote Denial of Service (DoS) via search filters in
SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)

* 389-ds-base: Authentication bypass due to lack of size check in
slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)

Bug Fix(es):

* Previously, if an administrator configured an index for an attribute
with a specific matching rule in the "nsMatchingRule" parameter, Directory
Server did not use the retrieved indexer. As a consequence, Directory
Server did not index the values of this attribute with the specified
matching rules, and searches with extended filters were unindexed. With
this update, Directory Server uses the retrieved indexer that processes
the specified matching rule. As a result, searches using extended filters
with a specified matching rule are now indexed.
--

SL7
  x86_64
    389-ds-base-1.3.6.1-28.el7_4.x86_64.rpm
    389-ds-base-debuginfo-1.3.6.1-28.el7_4.x86_64.rpm
    389-ds-base-devel-1.3.6.1-28.el7_4.x86_64.rpm
    389-ds-base-libs-1.3.6.1-28.el7_4.x86_64.rpm
    389-ds-base-snmp-1.3.6.1-28.el7_4.x86_64.rpm

- Scientific Linux Development Team
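
A check that hosts carry the fixed build listed above, as an added example that is not part of the original advisory. The inventory rows (host names and older version strings) are constructed sample data, and the comparison is a simplified form of rpm's version ordering that ignores epochs, tildes and carets.

```python
import re

# Fixed build and package names taken from the advisory's SL7 x86_64 list.
FIXED_VR = "1.3.6.1-28.el7_4"
PACKAGES = {"389-ds-base" + s for s in ("", "-libs", "-devel", "-snmp", "-debuginfo")}

def _segments(s):
    # rpm compares runs of digits and runs of letters; separators are ignored.
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(inventory_lines):
    """Return (host, package, version-release) rows older than FIXED_VR."""
    rows = []
    for line in inventory_lines:
        host, name, vr = line.split()
        if name in PACKAGES and vr_cmp(vr, FIXED_VR) < 0:
            rows.append((host, name, vr))
    return rows

# Constructed inventory: a host column followed by the output of
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = [
    "ldap01 389-ds-base 1.3.6.1-28.el7_4",
    "ldap01 389-ds-base-libs 1.3.6.1-28.el7_4",
    "ldap02 389-ds-base 1.3.6.1-26.el7_4",
    "ldap02 389-ds-base-libs 1.3.6.1-26.el7_4",
    "ldap03 389-ds-base 1.3.5.10-21.el7_3",
    "ldap03 openldap 2.4.44-5.el7",
]

if __name__ == "__main__":
    for row in unpatched(SAMPLE):
        print("needs update:", *row)
```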