Updated 389-ds-base packages fix security vulnerabilities
Publication date: 19 Oct 2018Modification date: 19 Oct 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10850 , CVE-2018-10935 , CVE-2018-14624
Description
Updated 389-ds-base package fixes security vulnerabilities:
a race condition on reference counter leads to DoS using persistent
search (CVE-2018-10850)
ldapsearch with server side sort allows users to cause a crash
(CVE-2018-10935)
a server crash through the modify command with large DN
(CVE-2018-14624)
References
- https://bugs.mageia.org/show_bug.cgi?id=23610
- https://access.redhat.com/errata/RHSA-2018:2757
- https://bugzilla.redhat.com/show_bug.cgi?id=1588056
- https://bugzilla.redhat.com/show_bug.cgi?id=1613606
- https://bugzilla.redhat.com/show_bug.cgi?id=1619450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10850
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10935
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14624
SRPMS
6/core
- 389-ds-base-1.3.5.17-1.6.mga6