Format: 1.8
Date: Thu, 12 Jul 2018 19:03:02 +0200
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.3.3.5-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 389-ds - 389 Directory Server suite - metapackage
 389-ds-base - 389 Directory Server suite - server
 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
 389-ds-base-dev - 389 Directory Server suite - development files
 389-ds-base-libs - 389 Directory Server suite - libraries
 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Changes:
 389-ds-base (1.3.3.5-4+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2015-1854
     A flaw was found while doing authorization of modrdn operations.
     An unauthenticated attacker able to issue an ldapmodrdn call to
     the directory server could perform unauthorized modifications
     of entries in the directory server.
   * CVE-2017-15134
     Improper handling of a search filter in slapi_filter_sprintf()
     in slapd/util.c can lead to remote server crash and denial
     of service.
   * CVE-2018-1054
     When read access on <attribute_name> is enabled, a flaw in
     SetUnicodeStringFromUTF_8 function in collate.c, can lead to
     out-of-bounds memory operations.
     This might result in a server crash, caused by unauthorized
     users.
   * CVE-2018-1089
     Any user (anonymous or authenticated) can crash ns-slapd with a
     crafted ldapsearch query with very long filter value.
   * CVE-2018-10850
     Due to a race condition the server could crash in turbo mode
     (because of high traffic) or when a worker reads several requests
     in the read buffer (more_data). Thus an anonymous attacker could
     trigger a denial of service.