Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Low: 389-ds-base on SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Monday 9th July 2012 15:03:24 UTC (over 4 years ago)
Synopsis:    Low: 389-ds-base security, bug fix, and enhancement update
Issue Date:  2012-06-20
CVE Numbers: CVE-2012-0833


The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

These updated 389-ds-base packages also include numerous bug fixes and
enhancements.

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements. After installing this
update, the 389 server service will be restarted automatically.

SL6:
  i386
     389-ds-base-1.2.10.2-15.el6.i686.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
     389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
     389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
  x86_64
     389-ds-base-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.i686.rpm
     389-ds-base-debuginfo-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-devel-1.2.10.2-15.el6.i686.rpm
     389-ds-base-devel-1.2.10.2-15.el6.x86_64.rpm
     389-ds-base-libs-1.2.10.2-15.el6.i686.rpm
     389-ds-base-libs-1.2.10.2-15.el6.x86_64.rpm

- Scientific Linux Development Team
 
CD: 3ms