File _patchinfo of Package patchinfo.11727

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.11727

<patchinfo incident="11727">
  <issue tracker="bnc" id="1099465">VUL-0: CVE-2018-10871: 389-ds: replication and the Retro Changelog plugin store plaintext password by default</issue>
  <issue tracker="bnc" id="991201">VUL-0: CVE-2016-5416: 389-ds: ACI readable by anonymous user</issue>
  <issue tracker="bnc" id="1120189">389-ds build fail in the post-check due to modified permissions</issue>
  <issue tracker="bnc" id="1132385">VUL-0: CVE-2019-3883: 389-ds: DOS  via hanging SSL/TLS connections</issue>
  <issue tracker="bnc" id="1092187">VUL-0: CVE-2018-1089: 389-ds: buffer overflow query filter issue with escape sequences</issue>
  <issue tracker="bnc" id="1108674">VUL-0: CVE-2018-14638: 389-ds: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly</issue>
  <issue tracker="bnc" id="1083689">VUL-0: CVE-2018-1054: 389-ds: Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c</issue>
  <issue tracker="bnc" id="1144797">389-ds maintenace update: cannot install due to file conflict (S:M:11727:198362)</issue>
  <issue tracker="bnc" id="1105606">VUL-0: CVE-2018-10935: 389-ds: ldapsearch with server side sort allows users to cause a crash</issue>
  <issue tracker="bnc" id="1109609">VUL-0: CVE-2018-14648: 389-ds: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service</issue>
  <issue tracker="cve" id="2018-10935"/>
  <issue tracker="cve" id="2018-10871"/>
  <issue tracker="cve" id="2019-3883"/>
  <issue tracker="cve" id="2016-5416"/>
  <issue tracker="cve" id="2018-14638"/>
  <issue tracker="cve" id="2018-1054"/>
  <issue tracker="cve" id="2018-14648"/>
  <issue tracker="cve" id="2018-1089"/>
  <packager>firstyear</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for 389-ds</summary>
  <description>This update for 389-ds to version 1.4.0.26 fixes the following issues:

Security issues fixed:

- CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201).
- CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689).
- CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187).
- CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465).
- CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674).
- CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609).
- CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606).
- CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.11727

Places