Advisories » MGASA-2018-0193

Updated 389-ds-base packages fix security vulnerability

Publication date: 06 Apr 2018
Modification date: 06 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-15135

Description

It was discovered that a lack of size check in slapi_ct_memcmp()
function may lead to authentication bypass through pre-hashed
userPassword attributes under highly specific circumstances
(CVE-2017-15135).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22718
• https://access.redhat.com/security/cve/cve-2017-15135
• https://bugzilla.redhat.com/show_bug.cgi?id=1525628
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15135

SRPMS

6/core

• 389-ds-base-1.3.5.17-1.4.mga6