User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2013-0357 (389-ds-base)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0357: Updated 389-ds-base package fixes CVE-2013-4485
Date:  Sat, 30 Nov 2013 22:31:58 +0100
Message-ID:  <20131130213159.0133043D84@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2013-0357 - Updated 389-ds-base package fixes CVE-2013-4485 Publication date: 30 Nov 2013 URL: http://advisories.mageia.org/MGASA-2013-0357.html Type: security Affected Mageia releases: 3 CVE: CVE-2013-4485 Description: Updated 389-ds-base packages fix security vulnerability: It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash (CVE-2013-4485). References: - http://port389.org/wiki/Releases/1.3.0.9 - https://rhn.redhat.com/errata/RHSA-2013-1752.html - https://bugs.mageia.org/show_bug.cgi?id=11720 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4485 SRPMS: - 3/core/389-ds-base-1.3.0.9-1.mga3


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds