drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in 389-ds-base
Name: |
Denial of Service in 389-ds-base |
|
ID: |
FEDORA-2013-15540 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Sa, 31. August 2013, 09:43 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4283 |
|
Applikationen: |
389 Directory Server |
|
Originalnachricht |
Name : 389-ds-base Product : Fedora 19 Version : 1.3.1.7 Release : 1.fc19 URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.
------------------------------------------------------------------------------- - Update Information:
In this version, a security bug -- modifying an entry specified by an invalid DN crashed the server and a Windows Sync bug were fixed; logconv and setup-ds.pl scripts were enhanced. ------------------------------------------------------------------------------- - ChangeLog:
* Wed Aug 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.7-1 - bump version to 1.3.1.7 - Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN - Ticket 47488 - Users from AD sub OU does not sync to IPA - Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated - Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly * Thu Aug 1 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-1 - bump version to 1.3.1.6 - Ticket 47455 - valgrind - value mem leaks, uninit mem usage - fix coverity 11915 - dead code - introduced with fix for ticket 346 - fix coverity 11895 - null deref - caused by fix to ticket 47392 - fix compiler warning in posix winsync code for posix_group_del_memberuid_callback - Fix compiler warnings for Ticket 47395 and 47397 - fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107) - Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch - fix compiler warnings - Fix compiler warning (cherry picked from commit ec6ebc0b0f085a82041d993ab2450a3922ef5502) * Wed Jul 31 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.5-1 - bump version to 1.3.1.5 - Ticket 47456 - delete present values should append values to deleted values - Ticket 47455 - valgrind - value mem leaks, uninit mem usage - Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication - Ticket 47440 - Fix runtime errors caused by last patch. - Ticket 47440 - Fix compilation warnings and header files - Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios - Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D - Ticket 47378 - fix recent compiler warnings - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47449 - deadlock after adding and deleting entries - Ticket 47441 - Disk Monitoring not checking filesystem with logs - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold * Fri Jul 19 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.4-1 - bump version to 1.3.1.4 - Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative. - Ticket 47424 - Replication problem with add-delete requests on single-valued attributes - Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry - Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry - Ticket 47421 - memory leaks in set_krb5_creds - Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values - Ticket 47369 version2 - provide default syntax plugin - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule - Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold - Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15 - Ticket 47392 - ldbm errors when adding/modifying/deleting entries - Ticket 47385 - Disk Monitoring is not triggered as expected. - Ticket 47410 - changelog db deadlocks with DNA and replication * Wed Jul 3 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.3-1 - bump version to 1.3.1.3 - Ticket 47374 - flush.pl is not included in perl5 - Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix) - Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization - Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured - Ticket 47396 - crash on modrdn of tombstone - Ticket 47400 - MMR stress test with dna enabled causes a deadlock - Ticket 47409 - allow setting db deadlock rejection policy - Ticket 47419 - Unhashed userpassword can accidentally get removed from mods - Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name incuding '-' ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #999634 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN https://bugzilla.redhat.com/show_bug.cgi?id=999634 [ 2 ] Bug #979508 - CVE-2013-2219 Directory Server: ACLs inoperative in some search scenarios https://bugzilla.redhat.com/show_bug.cgi?id=979508 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update 389-ds-base' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|