Advisories » MGASA-2016-0081

Updated 389-ds-base packages fix security vulnerability

Publication date: 23 Feb 2016
Modification date: 23 Feb 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0741

Description

An infinite-loop vulnerability was discovered in the 389 directory server,
where the server failed to correctly handle unexpectedly closed client
connections. A remote attacker able to connect to the server could use
this flaw to make the directory server consume an excessive amount of CPU
and stop accepting connections (denial of service) (CVE-2016-0741).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17784
• https://rhn.redhat.com/errata/RHSA-2016-0204.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0741

SRPMS

5/core

• 389-ds-base-1.3.4.8-1.mga5