Mageia alert MGASA-2018-0404 (389-ds-base)


From:
               Mageia Updates <buildsystem-daemon@mageia.org> 
To:
               updates-announce@ml.mageia.org 
Subject:
               [updates-announce] MGASA-2018-0404: Updated 389-ds-base packages fix security vulnerabilities 
Date:
               Fri, 19 Oct 2018 20:01:37 +0200
Message-ID:
               <20181019180137.188C1A0017@duvel.mageia.org>
MGASA-2018-0404 - Updated 389-ds-base packages fix security vulnerabilities

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0404.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-10850,
     CVE-2018-10935,
     CVE-2018-14624

Description:
Updated 389-ds-base package fixes security vulnerabilities:

a race condition on reference counter leads to DoS using persistent
search (CVE-2018-10850)

ldapsearch with server side sort allows users to cause a crash
(CVE-2018-10935)

a server crash through the modify command with large DN
(CVE-2018-14624)

References:
- https://bugs.mageia.org/show_bug.cgi?id=23610
- https://access.redhat.com/errata/RHSA-2018:2757
- https://bugzilla.redhat.com/show_bug.cgi?id=1588056
- https://bugzilla.redhat.com/show_bug.cgi?id=1613606
- https://bugzilla.redhat.com/show_bug.cgi?id=1619450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...

SRPMS:
- 6/core/389-ds-base-1.3.5.17-1.6.mga6

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2018-0404: Updated 389-ds-base packages fix security vulnerabilities
Date:		Fri, 19 Oct 2018 20:01:37 +0200
Message-ID:		<20181019180137.188C1A0017@duvel.mageia.org>