MGASA-2022-0134
- Source
- https://advisories.mageia.org/MGASA-2022-0134.html
- Import Source
- https://advisories.mageia.org/MGASA-2022-0134.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2022-0134
- Related
- Published
- 2022-04-09T21:20:39Z
- Modified
- 2022-04-09T20:36:19Z
- Summary
- Updated 389-ds-base packages fix security vulnerability
- Details
-
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. (CVE-2022-0918)
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. (CVE-2022-0996)
- References
-
- https://advisories.mageia.org/MGASA-2022-0134.html
- https://bugs.mageia.org/show_bug.cgi?id=30235
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUT5CGHERM6PDXKCM7Z3IJLGIYJ6V6AO/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / 389-ds-base
Package
- Name
- 389-ds-base
- Purl
- pkg:rpm/mageia/389-ds-base?distro=mageia-8