[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1554-1] 389-ds-base security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : 389-ds-base
Version        : 1.3.3.5-4+deb8u4
CVE ID         : CVE-2018-14648

It was discovered that 389-ds-base (the 389 Directory Server) is vulnerable
to search queries with malformed values in the do_search() function
(servers/slapd/search.c). Attackers could leverage this vulnerability by
sending crafted queries in a loop to cause DoS.

For Debian 8 "Jessie", this problem has been fixed in version
1.3.3.5-4+deb8u4.

We recommend that you upgrade your 389-ds-base packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlvRn6AACgkQZYVUZx9w
0DSaqgf/UovxxepF+64NBh7m9LtixOa11T61ocMr1ebPQExv76NujJQlqYQ9O36v
Bidt5+3RHlznAn/askLm58wwEMb+yVdiFco5axQF84rjtbBLSiVfJ3+3ZCM2unDB
oO45quFbE/f+dCswZZrtsMaTT6Ssf1GlRgmc2Fpt2pJQZygo37vsXQmgW3Uvk3lU
9hr2Jdsl0SdFbSpMET38xrsxYB6oF+5sRV/bsjCbQ1I7G+S8JGrr3576ESIzXsUa
CQ2vc62/YUlXnVWv5NUNzmCDUIbeZ+rXgh1ZR6axn303tQU0Y0Wm0Vd8Oc7sVswu
d6yPSsfmxrA4kUSjmktCzJF6uT6GvA==
=CTcG
-----END PGP SIGNATURE-----


Reply to: