Advisories » MGASA-2015-0183

Updated 389-ds-base packages fix CVE-2015-1854

Publication date: 03 May 2015
Modification date: 03 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-1854

Description

Updated 389-ds-base packages fix security vulnerability:

A flaw was found in the way Red Hat Directory Server performed
authorization of modrdn operations. An unauthenticated attacker able to
issue an ldapmodrdn call to the directory server could use this flaw to
perform unauthorized modifications of entries in the directory server
(CVE-2015-1854).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15796
• https://rhn.redhat.com/errata/RHSA-2015-0895.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1854

SRPMS

4/core

• 389-ds-base-1.3.3.10-1.mga4