CESA-2018:0515 -- centos 6 389-ds-baseID: oval:org.secpod.oval:def:204768 | Date: (C)2018-03-19 (M)2023-07-28 |
Class: PATCH | Family: unix |
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * 389-ds-base: remote Denial of Service via search filters in SetUnicodeStringFromUTF_8 in collate.c * 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. The CVE-2017-15135 issue was discovered by Martin Poole .