Advisories » MGASA-2018-0162

Updated 389-ds-base packages fix CVE-2018-1054

Publication date: 07 Mar 2018
Modification date: 07 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1054

Description

389-ds-base has been updated to fix a security issue.

A flaw was found in 389 Directory Server that affects all versions. An
improper handling of the search feature with an extended filter, when
read access on <attribute_name> is enabled, in SetUnicodeStringFromUTF_8
function in collate.c, can lead to out-of-bounds memory operations. This
may allow a remote unauthenticated attacker to trigger a server crash,
thus resulting in denial of service. (CVE-2018-1054)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22710
• http://openwall.com/lists/oss-security/2018/03/06/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1054

SRPMS

6/core

• 389-ds-base-1.3.5.17-1.3.mga6