RHSA-2017:0893-01 -- Redhat 389-ds-baseID: oval:org.secpod.oval:def:502016 | Date: (C)2017-04-14 (M)2023-12-20 |
Class: PATCH | Family: unix |
389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Security Fix: * An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. Red Hat would like to thank Joachim Jabs for reporting this issue. Bug Fix: * Previously, the deref plug-in failed to dereference attributes that use distinguished name syntax, such as uniqueMember. With this patch, the deref plug-in can dereference such attributes and additionally Name and Optional UID syntax. As a result, the deref plug-in now supports any syntax
Platform: |
Red Hat Enterprise Linux 6 |