Advisories » MGASA-2017-0123

Updated 389-ds-base packages fix security vulnerability

Publication date: 02 May 2017
Modification date: 02 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2668

Description

An invalid pointer dereference flaw was found in the way 389-ds-base
handled LDAP bind requests. A remote unauthenticated attacker could use
this flaw to make ns-slapd crash via a specially crafted LDAP bind
request, resulting in denial of service. (CVE-2017-2668)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20659
• https://rhn.redhat.com/errata/RHSA-2017-0893.html
• https://rhn.redhat.com/errata/RHSA-2017-0920.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668

SRPMS

5/core

• 389-ds-base-1.3.4.14-1.2.mga5