From: riehecky@fnal.gov
To: scientific-linux-errata@fnal.gov
Subject: Security ERRATA Low: 389-ds-base on SL6.x i386/x86_64
Date: Mon, 9 Jul 2012 10:03:24 -0500
Message-ID: <201207091503.q69F3OpI020122@fefmon2.fnal.gov>

Synopsis: Low: 389-ds-base security, bug fix, and enhancement update
Issue Date: 2012-06-20
CVE Numbers: CVE-2012-0833

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

These updated 389-ds-base packages also include numerous bug fixes and
enhancements.

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements. After installing this
update, the 389 server service will be restarted automatically.

SL6:
i386
389-ds-base-1.2.10.2-15.el6.i686.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
x86_64
389-ds-base-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm
389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm
- Scientific Linux Development Team