Revision Date: | 2019-07-01 | Version: | 1 |
Title: | Security update for 389-ds (Important) |
Description: |
This update for 389-ds fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368)
- CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530)
- CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530)
- CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606)
- CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699).
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1076530 1096368 1105606 1106699 CVE-2017-15134 CVE-2017-15135 CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 SUSE-SU-2019:1207-2
|
Platform(s): |
- SUSE Linux Enterprise High Performance Computing 15 SP1
- SUSE Linux Enterprise Module for Server Applications 15 SP1
- SUSE Linux Enterprise Server 15 SP1
- SUSE Linux Enterprise Server for SAP Applications 15 SP1
- SUSE Linux Enterprise Storage 6
- SUSE Manager Proxy 4.0
- SUSE Manager Server 4.0
| Product(s): | |
Definition Synopsis |
SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information
389-ds-1.4.0.3-4.7.52 is installed
OR 389-ds-devel-1.4.0.3-4.7.52 is installed
|