Synopsis: Important: 389-ds-base security and bug fix update
Advisory ID: SLSA-2017:0893-1
Issue Date: 2017-04-11
CVE Numbers: CVE-2017-2668
—
Security Fix(es):
* An invalid pointer dereference flaw was found in the way 389-ds-base
handled LDAP bind requests. A remote unauthenticated attacker could use
this flaw to make ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)
Bug Fix(es):
* Previously, the “deref” plug-in failed to dereference attributes that
use distinguished name (DN) syntax, such as “uniqueMember”. With this
patch, the “deref” plug-in can dereference such attributes and
additionally “Name and Optional UID” syntax. As a result, the “deref”
plug-in now supports any syntax.
—
SL6
x86_64
389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm
i386
389-ds-base-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm
389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm
– Scientific Linux Development Team
