Oval Definition:oval:org.opensuse.security:def:68690
Revision Date:2020-12-01Version:1
Title:Security update for 389-ds (Important)
Description:

This update for 389-ds fixes the following issues:

The following security vulnerabilities were addressed:

- CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368) - CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530) - CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530) - CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606) - CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699).
Family:unixClass:patch
Status:Reference(s):1073313
1076530
1096368
1105606
1106699
1111388
1114845
1143194
1143273
CVE-2017-15134
CVE-2017-15135
CVE-2017-17740
CVE-2018-10850
CVE-2018-10935
CVE-2018-14624
CVE-2019-13057
CVE-2019-13565
SUSE-SU-2019:1207-2
SUSE-SU-2019:2395-1
Platform(s):SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • 389-ds-1.4.0.3-4.7 is installed
  • OR 389-ds-snmp-1.4.0.3-4.7 is installed
  • BACK