ALT-PU-2018-2783-1
Package 389-ds-base updated to version 1.3.9.0-alt3 for branch p8 in task 215439.
Closed vulnerabilities
BDU:2020-02774
Уязвимость функции log__error_emergency() сервера службы каталогов 389 Directory Server, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2020-02901
Уязвимость службы каталогов уровня предприятия 389 Directory Server, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2017-15134
A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
- openSUSE-SU-2019:1397
- openSUSE-SU-2019:1397
- 102790
- 102790
- RHSA-2018:0163
- RHSA-2018:0163
- https://bugzilla.redhat.com/show_bug.cgi?id=1531573
- https://bugzilla.redhat.com/show_bug.cgi?id=1531573
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update
- https://pagure.io/389-ds-base/c/6aa2acdc3cad9
- https://pagure.io/389-ds-base/c/6aa2acdc3cad9
Modified: 2024-11-21
CVE-2018-10871
389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.
- RHSA-2019:3401
- RHSA-2019:3401
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10871
- [debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update
- [debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update
- https://pagure.io/389-ds-base/issue/49789
- https://pagure.io/389-ds-base/issue/49789
Modified: 2024-11-21
CVE-2018-14624
A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.
- openSUSE-SU-2019:1397
- RHSA-2018:2757
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624
- [debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update
- https://pagure.io/389-ds-base/issue/49937
- openSUSE-SU-2019:1397
- https://pagure.io/389-ds-base/issue/49937
- [debian-lts-announce] 20180929 [SECURITY] [DLA 1526-1] 389-ds-base security update
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14624
- RHSA-2018:2757
Modified: 2024-11-21
CVE-2018-14638
A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.