Advisories » MGASA-2018-0245

Updated 389-ds-base packages fix security vulnerability

Publication date: 16 May 2018
Modification date: 16 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1089

Description

389-ds-base did not properly handle characters needed to be escaped in
its query filter. This could result in buffer overflows, from the heap
or the stack, on larger filters.  An unauthenticated attacker could send
a specially crafted LDAP request and crash the server (CVE-2018-1089).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23005
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1089
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089

SRPMS

6/core

• 389-ds-base-1.3.5.17-1.5.mga6