
Security: Denial of Service in 389-ds-base
Name: Denial of Service in 389-ds-base
ID: FEDORA-2018-bdfd69e662
Distribution: Fedora
Platforms: Fedora 26
Date: Thu, 17 May 2018, 17:06
References: Not specified
Applications: 389 Directory Server

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-bdfd69e662
2018-05-17 13:36:59.993318
--------------------------------------------------------------------------------

Name : 389-ds-base
Product : Fedora 26
Version : 1.3.6.15
Release : 1.fc26
URL : http://www.port389.org
Summary : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

Bump version to 1.3.6.15-1
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 8 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.15-1
- Bump version to 1.3.6.15-1
- Ticket 49661 - CVE-2018-1089 - Crash from long search filter
- Ticket 49631 - same csn generated twice
- Ticket 49652 - DENY aci's are not handled properly
- Ticket 49644 - crash in debug build
- Ticket 49619 - adjustment of csn_generator can fail so next generated csn can
be equal to the most recent one received
* Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.14-1
- Bump version to 1.3.6.14
- Ticket 49545 - final substring extended filter search returns invalid result
- Ticket 49471 - heap-buffer-overflow in ss_unescape
- Ticket 49296 - Fix race condition in connection code with anonymous limits
- Ticket 49568 - Fix integer overflow on 32bit platforms
* Mon Feb 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.13-1.1
- Add cyrus-sasl-plain requirement
* Wed Jan 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.13-1
- Bump version to 1.3.6.13
- CVE-2017-15134 - Remote DoS via search filters in slapi_filter_sprintf
- Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL
- Ticket 49509 - Indexing of internationalized matching rules is failing
- Ticket 49524 - Password policy: minimum token length fails when the token
length is equal to attribute length
- Ticket 49495 - Fix memory management is vattr.
- Ticket 48118 - Changelog can be erronously rebuilt at startup
- Ticket 49474 - sasl allow mechs does not operate correctly
* Mon Nov 20 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.12-1
- Bump version to 1.3.6.12
- Ticket 49298 - fix complier warn
- Ticket 49298 - Correct error codes with config restore.
- Ticket 49410 - opened connection can remain no longer poll, like hanging
* Tue Nov 7 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.11-1
- Bump version to 1.3.6.11-1
- Ticket 49441 - Import crashes with large indexed binary attributes
- Ticket 49436 - double free in COS in some conditions
* Fri Nov 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.10-1
- Bump version to 1.3.6.10-1
- Ticket 49439 - cleanallruv is not logging information
- Ticket 49431 - replicated MODRDN fails breaking replication
- Ticket 49402 - Adding a database entry with the same database name that was
deleted hangs server at shutdown
- Ticket 48235 - remove memberof lock (cherry-pick error)
- Ticket 49401 - Fix compiler incompatible-pointer-types warnings
- Ticket 49401 - improve valueset sorted performance on delete
- Ticket 48894 - harden valueset_array_to_sorted_quick valueset access
- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl
- Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl
line 2565, <$LOGFH> line 4
- Ticket 48235 - Remove memberOf global lock
* Mon Oct 9 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.9-1
- Bump version to 1.3.6.9
- Ticket 49392 - memavailable not available
- Ticket 49389 - unable to retrieve specific cosAttribute when subtree password
policy is configured
- Ticket 49180 - backport 1.3.6 errors log filled with attrlist_replace -
attr_replace
- Ticket 49379 - Allowed sasl mapping requires restart
- Ticket 49327 - password expired control not sent during grace logins
- Ticket 49380 - Add CI test
- Ticket 49380 - Crash when adding invalid replication agreement
- Ticket 49370 - local password policies should use the same defaults as the
global policy
- Ticket 49364 - incorrect function declaration.
- Ticket 49368 - Fix typo in log message
* Tue Aug 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.8-1
- Bump version to 1.3.6.8
- Ticket 49356 - mapping tree crash can occur during tot init
* Mon Aug 14 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.7-1
- Bump version to 1.3.6.7-1
- Ticket 49330 - Improve ndn cache performance 1.3.6
- Ticket 49298 - fix missing header
- Ticket 49298 - force sync() on shutdown
- Ticket 49336 - SECURITY: Locked account provides different return code
- Ticket 49334 - fix backup restore if changelog exists
- Ticket 49313 - Change the retrochangelog default cache size
- Fix error log format in add.c
- Ticket 49287 - fix compiler warning for patch 49287
- Ticket 49287 - v3 extend csnpl handling to multiple backends
- Ticket 49288 - RootDN Access wrong plugin path in template-dse.ldif.in
- Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if related pblock
has not operation set
- Ticket 49008 - Fix MO plugin betxn test
- Ticket 49227 - ldapsearch does not return the expected Error log level
- Ticket 49028 - Add autotuning test suite
- Ticket 49273 - bak2db doesn't operate with dbversion
- Ticket 49184 - adjust logging level in MO plugin
- Ticket 49257 - only register modify callbacks
- Ticket 49257 - Update CI script
- Ticket 49008 - Adjust CI test for new memberOf behavior
- Ticket 49273 - crash when DBVERSION is corrupt.
- Ticket 49268 - master branch fails on big endian systems
- Ticket 49241 - add symblic link location to db2bak.pl output
- Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize when
nsslapd-cache-autosize is set
- Ticket 48538 - Failed to delete old semaphore
- Ticket 49231 - force EXTERNAL always
- Ticket 49267 - autosize split of 0 results in dbcache of 0
* Tue Jun 6 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.6-2.1
- Revise upgrade logic
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-bdfd69e662' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3TUWFI74VFPVPP4E4PMOB6XEKCIXX7E/