389-ds-base-1.3.8.4-15.el7

エラータID: AXSA:2018-3383:09

Release date: 
Tuesday, November 6, 2018 - 03:58
Subject: 
389-ds-base-1.3.8.4-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.3.8.4). (BZ#1560653)

Security Fix(es):

* 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.6 Release Notes linked from the References section.

CVE-2018-14648
A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.3.8.4-15.el7.src.rpm
    MD5: a4478ded45a9852f0c9540daf91c4292
    SHA-256: 3242533881e81156e94c55fbb79853dad1900e83b13b31ccdd1c9b264756fbe9
    Size: 3.60 MB

Asianux Server 7 for x86_64
  1. 389-ds-base-1.3.8.4-15.el7.x86_64.rpm
    MD5: 5746124825427cdf3cd024e148744314
    SHA-256: 44f8a38b5912f27fdc5283bfde4528cacc2b64c88a25f7c59a781938c77d8cb8
    Size: 1.72 MB
  2. 389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm
    MD5: 6b587a886515dca0b0ade7551bcb0fef
    SHA-256: df627f0ce6fb883390d601bd244104e6f0bfa8ab9f482a2fb2070c3ab521336c
    Size: 697.56 kB