/[advisories]/10138.adv
Diff of /10138.adv

revision 348 by davidwhodgins, Sat Aug 17 17:42:41 2013 UTC revision 388 by claire, Fri Aug 30 10:11:11 2013 UTC
# Line 1  Line 1 
1  type: security  type: security
2  subject: Updated 389-ds-base package fixes security vulnerability  subject: Updated 389-ds-base packag fixes security vulnerabilies and incorrect group usage
3  CVE:  CVE:
4   - CVE-2013-2219   - CVE-2013-2219
5     - CVE-2013-4283
6  src:  src:
7    3:    3:
8     core:     core:
9       - 389-ds-base-1.3.0.5-2.3.mga3       - 389-ds-base-1.3.0.5-2.3.mga3
10  description: |  description: |
11      Updated 389-ds-base packages fix security vulnerabilities:
12    
13    It was discovered that the 389 Directory Server did not honor defined    It was discovered that the 389 Directory Server did not honor defined
14    attribute access controls when evaluating search filter expressions. A    attribute access controls when evaluating search filter expressions. A
15    remote attacker (with permission to query the Directory Server) could use    remote attacker (with permission to query the Directory Server) could use
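Review bot: The new subject on line 2 has two typos, "packag" and "vulnerabilies". Suggested wording: "Updated 389-ds-base packages fix security vulnerabilities and incorrect group usage", which also matches the "packages fix" phrasing added on line 11. Separately, the src entry 389-ds-base-1.3.0.5-2.3.mga3 is identical in both revisions while CVE-2013-4283 is newly listed, so please confirm that this build carries the fix for the second CVE before the advisory goes out.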
# Line 14  description: | Line 17  description: |
17    search queries with filter conditions that used restricted attributes    search queries with filter conditions that used restricted attributes
18    (CVE-2013-2219).    (CVE-2013-2219).
19    
20      It was discovered that the 389 Directory Server did not properly handle the
21      receipt of certain MOD operations with a bogus Distinguished Name (DN). A
22      remote, unauthenticated attacker could use this flaw to cause the 389
23      Directory Server to crash (CVE-2013-4283).
24    
25    Additionally, problems of wrong default group nobody (from upstream) as well    Additionally, problems of wrong default group nobody (from upstream) as well
26    as the 389-ds server not starting after a reboot have been fixed (mga#10138).    as the 389-ds server not starting after a reboot have been fixed (mga#10138).
27  references:  references:
28   - https://bugs.mageia.org/show_bug.cgi?id=10138   - https://bugs.mageia.org/show_bug.cgi?id=10138
29   - https://bugs.mageia.org/show_bug.cgi?id=10889   - https://bugs.mageia.org/show_bug.cgi?id=10889
30   - https://rhn.redhat.com/errata/RHSA-2013-1119.html   - https://rhn.redhat.com/errata/RHSA-2013-1119.html
31     - https://rhn.redhat.com/errata/RHSA-2013-1182.html
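Review bot: The unchanged closing paragraph on lines 25-26 cites only mga#10138, while the references list carries both bug 10138 and bug 10889, so a reader cannot tell which bug tracks which fix. Now that the subject advertises the group fix, consider rewording "problems of wrong default group nobody (from upstream)" to say plainly what was wrong with the default group, and cite the second bug in the text where it applies. The new CVE-2013-4283 paragraph and the RHSA-2013-1182 reference look consistent with the CVE list added in the first hunk.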
