SUSE-SU-2019:2155-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2019/suse-su-20192155-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2019:2155-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2019:2155-1
Related
Published
2019-08-15T15:51:09Z
Modified
2019-08-15T15:51:09Z
Summary
Security update for 389-ds
Details

This update for 389-ds to version 1.4.0.26 fixes the following issues:

Security issues fixed:

  • CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201).
  • CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689).
  • CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187).
  • CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465).
  • CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674).
  • CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609).
  • CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606).
  • CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).
References

Affected packages

SUSE:Linux Enterprise Module for Server Applications 15 / 389-ds

Package

Name
389-ds
Purl
pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0.26~git0.8a2d3de6f-4.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "389-ds": "1.4.0.26~git0.8a2d3de6f-4.14.1",
            "389-ds-devel": "1.4.0.26~git0.8a2d3de6f-4.14.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Server Applications 15 SP1 / 389-ds

Package

Name
389-ds
Purl
pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.4.0.26~git0.8a2d3de6f-4.14.1

Ecosystem specific 

{
    "binaries": [
        {
            "389-ds": "1.4.0.26~git0.8a2d3de6f-4.14.1",
            "389-ds-devel": "1.4.0.26~git0.8a2d3de6f-4.14.1"
        }
    ]
}