Advisories » MGASA-2013-0357

Updated 389-ds-base package fixes CVE-2013-4485

Publication date: 30 Nov 2013
Modification date: 30 Nov 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4485

Description

Updated 389-ds-base packages fix security vulnerability:

It was discovered that the 389 Directory Server did not properly handle
certain Get Effective Rights (GER) search queries when the attribute list,
which is a part of the query, included several names using the '@'
character. An attacker able to submit search queries to the 389 Directory
Server could cause it to crash (CVE-2013-4485).
                

References

• http://port389.org/wiki/Releases/1.3.0.9
• https://rhn.redhat.com/errata/RHSA-2013-1752.html
• https://bugs.mageia.org/show_bug.cgi?id=11720
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4485

SRPMS

3/core

• 389-ds-base-1.3.0.9-1.mga3