389-ds-base-1.2.11.15-95.AXS4

エラータID: AXSA:2018-3037:03

Release date: 
Friday, May 11, 2018 - 09:47
Subject: 
389-ds-base-1.2.11.15-95.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank Greg Kubok for reporting this issue.

CVE-2018-1089
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2018-1089
389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.2.11.15-95.AXS4.src.rpm
    MD5: 4a2933b310f6f87060281d593c4ab318
    SHA-256: a9be7c603b0b280401054c73a9602c741893ce9b7a2344e38a90e172e24cc3c6
    Size: 4.23 MB

Asianux Server 4 for x86
  1. 389-ds-base-1.2.11.15-95.AXS4.i686.rpm
    MD5: 7e29bf5cf8a4d84ec60600d7fbc6055b
    SHA-256: 1236d059ebf4fb5ff374c7e781237c92ce55a4a266964d54b978112e03d72f0b
    Size: 1.52 MB
  2. 389-ds-base-libs-1.2.11.15-95.AXS4.i686.rpm
    MD5: d111943a5ba58434673248671f554f8d
    SHA-256: 6a72011f01523305d8b7fc44a0dd382758fbbd03948e56c563fda5e907b6ef49
    Size: 450.11 kB

Asianux Server 4 for x86_64
  1. 389-ds-base-1.2.11.15-95.AXS4.x86_64.rpm
    MD5: 227f4d6aaa13756f9f88a3d854b64376
    SHA-256: d8c90ef953621e72818c73ee59abbd40c13fb5c9ac575c7c1c3217717c760b2d
    Size: 1.52 MB
  2. 389-ds-base-libs-1.2.11.15-95.AXS4.x86_64.rpm
    MD5: 3d462a2a9324387a75e9c6e12244e0ec
    SHA-256: 65c730ccd6c26b185d25b4117f7b0b37e919cba0b25d3802a216d0f920ad29fb
    Size: 444.85 kB
  3. 389-ds-base-libs-1.2.11.15-95.AXS4.i686.rpm
    MD5: d111943a5ba58434673248671f554f8d
    SHA-256: 6a72011f01523305d8b7fc44a0dd382758fbbd03948e56c563fda5e907b6ef49
    Size: 450.11 kB