Synopsis: Important: 389-ds-base security update
Advisory ID: SLSA-2013:1752-1
Issue Date: 2013-11-21
CVE Numbers: CVE-2013-4485
—
It was discovered that the 389 Directory Server did not properly handle
certain Get Effective Rights (GER) search queries when the attribute list,
which is a part of the query, included several names using the ‘@’
character. An attacker able to submit search queries to the 389 Directory
Server could cause it to crash. (CVE-2013-4485)
After installing this update, the 389 server service will be restarted
automatically.
—
SL6
x86_64
389-ds-base-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.x86_64.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.x86_64.rpm
i386
389-ds-base-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-debuginfo-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-devel-1.2.11.15-30.el6_5.i686.rpm
389-ds-base-libs-1.2.11.15-30.el6_5.i686.rpm
The following RPMs were added for dependency resolution:
x86_64
openssl-1.0.1e-15.el6.i686.rpm
openssl-1.0.1e-15.el6.x86_64.rpm
openssl-devel-1.0.1e-15.el6.i686.rpm
openssl-devel-1.0.1e-15.el6.x86_64.rpm
openssl-perl-1.0.1e-15.el6.x86_64.rpm
openssl-static-1.0.1e-15.el6.x86_64.rpm
p11-kit-0.18.5-2.el6.i686.rpm
p11-kit-0.18.5-2.el6.x86_64.rpm
p11-kit-devel-0.18.5-2.el6.i686.rpm
p11-kit-devel-0.18.5-2.el6.x86_64.rpm
p11-kit-trust-0.18.5-2.el6.i686.rpm
p11-kit-trust-0.18.5-2.el6.x86_64.rpm
i386
openssl-1.0.1e-15.el6.i686.rpm
openssl-devel-1.0.1e-15.el6.i686.rpm
openssl-perl-1.0.1e-15.el6.i686.rpm
openssl-static-1.0.1e-15.el6.i686.rpm
p11-kit-0.18.5-2.el6.i686.rpm
p11-kit-devel-0.18.5-2.el6.i686.rpm
p11-kit-trust-0.18.5-2.el6.i686.rpm
– Scientific Linux Development Team
