ALT-BU-2019-3485-1
Branch sisyphus update bulletin.
Package kde5-akonadi-search updated to version 18.12.1-alt1 for branch sisyphus in task 220505.
Closed bugs
krunner crashes
Package 389-ds-base updated to version 1.4.1.1-alt1 for branch sisyphus in task 220438.
Closed vulnerabilities
BDU:2020-00801
Vulnerability in the 389 Directory Server directory service server, caused by an out-of-bounds read of a memory buffer, allowing an attacker to cause a denial of service
BDU:2020-02768
Vulnerability in the 389 Directory Server directory service server, caused by synchronization errors when using a shared resource, allowing an attacker to cause a denial of service
BDU:2020-02902
Vulnerability in the 389 Directory Server enterprise-level directory service, related to improper authentication, allowing an attacker to gain access to confidential data
BDU:2022-05559
Vulnerability in the search function implementation of the 389 Directory Server directory service server, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2017-15135
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
Modified: 2024-11-21
CVE-2018-1054
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
- 103228
- RHSA-2018:0414
- RHSA-2018:0515
- https://bugzilla.redhat.com/show_bug.cgi?id=1537314
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update
- https://pagure.io/389-ds-base/issue/49545
Modified: 2024-11-21
CVE-2018-10850
389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.
- openSUSE-SU-2019:1397
- RHSA-2018:2757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10850
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update
- https://pagure.io/389-ds-base/c/8f04487f99a
- https://pagure.io/389-ds-base/issue/49768
Modified: 2024-11-21
CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.
- RHSA-2018:3127
- RHSA-2018:3507
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648
- [debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update
Modified: 2024-11-21
CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.