Oval Definition:oval:org.opensuse.security:def:72794
Revision Date:2020-12-01Version:1
Title:Security update for 389-ds (Important)
Description:

This update for 389-ds to version 1.4.0.26 fixes the following issues:

Security issues fixed:

- CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201). - CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689). - CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187). - CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465). - CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674). - CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609). - CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606). - CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).
Family:unixClass:patch
Status:Reference(s):1083689
1092187
1099465
1105606
1108674
1109609
1120189
1132385
1137835
1144797
991201
CVE-2016-5416
CVE-2018-1054
CVE-2018-10871
CVE-2018-1089
CVE-2018-10935
CVE-2018-14638
CVE-2018-14648
CVE-2019-12779
CVE-2019-3883
SUSE-SU-2019:1791-1
SUSE-SU-2019:2155-1
Platform(s):SUSE Linux Enterprise High Availability 15 SP1
SUSE Linux Enterprise Module for Server Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 SP1 is installed
  • AND Package Information
  • libqb-1.0.3+20190326.a521604-3.3 is installed
  • OR libqb-devel-1.0.3+20190326.a521604-3.3 is installed
  • OR libqb-tests-1.0.3+20190326.a521604-3.3 is installed
  • OR libqb-tools-1.0.3+20190326.a521604-3.3 is installed
  • OR libqb20-1.0.3+20190326.a521604-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed
  • AND Package Information
  • 389-ds-1.4.0.26~git0.8a2d3de6f-4.14 is installed
  • OR 389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14 is installed
    • BACK