drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in 389-ds-base
Name: |
Denial of Service in 389-ds-base |
|
ID: |
FEDORA-2018-bdfd69e662 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 26 |
|
Datum: |
Do, 17. Mai 2018, 17:06 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
389 Directory Server |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-bdfd69e662 2018-05-17 13:36:59.993318 ------------------------------------------------------------------------------- -
Name : 389-ds-base Product : Fedora 26 Version : 1.3.6.15 Release : 1.fc26 URL : http://www.port389.org Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
------------------------------------------------------------------------------- - Update Information:
Bump version to 1.3.6.15-1 ------------------------------------------------------------------------------- - ChangeLog:
* Tue May 8 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.15-1 - Bump version to 1.3.6.15-1 - Ticket 49661 - CVE-2018-1089 - Crash from long search filter - Ticket 49631 - same csn generated twice - Ticket 49652 - DENY aci's are not handled properly - Ticket 49644 - crash in debug build - Ticket 49619 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received * Tue Mar 6 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.14-1 - Bump version to 1.3.6.14 - Ticket 49545 - final substring extended filter search returns invalid result - Ticket 49471 - heap-buffer-overflow in ss_unescape - Ticket 49296 - Fix race condition in connection code with anonymous limits - Ticket 49568 - Fix integer overflow on 32bit platforms * Mon Feb 19 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.13-1.1 - Add cyrus-sasl-plain requirement * Wed Jan 31 2018 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.13-1 - Bump version to 1.3.6.13 - CVE-2017-15134 - Remote DoS via search filters in slapi_filter_sprintf - Ticket 49463 - After cleanALLruv, there is a flow of keep alive DEL - Ticket 49509 - Indexing of internationalized matching rules is failing - Ticket 49524 - Password policy: minimum token length fails when the token length is equal to attribute length - Ticket 49495 - Fix memory management is vattr. - Ticket 48118 - Changelog can be erronously rebuilt at startup - Ticket 49474 - sasl allow mechs does not operate correctly * Mon Nov 20 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.12-1 - Bump version to 1.3.6.12 - Ticket 49298 - fix complier warn - Ticket 49298 - Correct error codes with config restore. - Ticket 49410 - opened connection can remain no longer poll, like hanging * Tue Nov 7 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.11-1 - Bump version to 1.3.6.11-1 - Ticket 49441 - Import crashes with large indexed binary attributes - Ticket 49436 - double free in COS in some conditions * Fri Nov 3 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.10-1 - Bump version to 1.3.6.10-1 - Ticket 49439 - cleanallruv is not logging information - Ticket 49431 - replicated MODRDN fails breaking replication - Ticket 49402 - Adding a database entry with the same database name that was deleted hangs server at shutdown - Ticket 48235 - remove memberof lock (cherry-pick error) - Ticket 49401 - Fix compiler incompatible-pointer-types warnings - Ticket 49401 - improve valueset sorted performance on delete - Ticket 48894 - harden valueset_array_to_sorted_quick valueset access - Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl - Ticket 48681 - Use of uninitialized value in string ne at /usr/bin/logconv.pl line 2565, <$LOGFH> line 4 - Ticket 48235 - Remove memberOf global lock * Mon Oct 9 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.9-1 - Bump version to 1.3.6.9 - Ticket 49392 - memavailable not available - Ticket 49389 - unable to retrieve specific cosAttribute when subtree password policy is configured - Ticket 49180 - backport 1.3.6 errors log filled with attrlist_replace - attr_replace - Ticket 49379 - Allowed sasl mapping requires restart - Ticket 49327 - password expired control not sent during grace logins - Ticket 49380 - Add CI test - Ticket 49380 - Crash when adding invalid replication agreement - Ticket 49370 - local password policies should use the same defaults as the global policy - Ticket 49364 - incorrect function declaration. - Ticket 49368 - Fix typo in log message * Tue Aug 22 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.8-1 - Bump version to 1.3.6.8 - Ticket 49356 - mapping tree crash can occur during tot init * Mon Aug 14 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.7-1 - Bump version to 1.3.6.7-1 - Ticket 49330 - Improve ndn cache performance 1.3.6 - Ticket 49298 - fix missing header - Ticket 49298 - force sync() on shutdown - Ticket 49336 - SECURITY: Locked account provides different return code - Ticket 49334 - fix backup restore if changelog exists - Ticket 49313 - Change the retrochangelog default cache size - Fix error log format in add.c - Ticket 49287 - fix compiler warning for patch 49287 - Ticket 49287 - v3 extend csnpl handling to multiple backends - Ticket 49288 - RootDN Access wrong plugin path in template-dse.ldif.in - Ticket 49291 - slapi_search_internal_callback_pb may SIGSEV if related pblock has not operation set - Ticket 49008 - Fix MO plugin betxn test - Ticket 49227 - ldapsearch does not return the expected Error log level - Ticket 49028 - Add autotuning test suite - Ticket 49273 - bak2db doesn't operate with dbversion - Ticket 49184 - adjust logging level in MO plugin - Ticket 49257 - only register modify callbacks - Ticket 49257 - Update CI script - Ticket 49008 - Adjust CI test for new memberOf behavior - Ticket 49273 - crash when DBVERSION is corrupt. - Ticket 49268 - master branch fails on big endian systems - Ticket 49241 - add symblic link location to db2bak.pl output - Ticket 49257 - Reject nsslapd-cachememsize & nsslapd-cachesize when nsslapd-cache-autosize is set - Ticket 48538 - Failed to delete old semaphore - Ticket 49231 - force EXTERNAL always - Ticket 49267 - autosize split of 0 results in dbcache of 0 * Tue Jun 6 2017 Mark Reynolds <mreynolds@redhat.com> - 1.3.6.6-2.1 - Revise upgrade logic ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-bdfd69e662' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3TUWFI74VFPVPP4E4PMOB6XEKCIXX7E/
|
|
|
|