Format: 1.8
Date: Thu, 30 Aug 2018 16:40:44 +0200
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.3.3.5-4+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
Changed-By: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Description:
 389-ds     - 389 Directory Server suite - metapackage
 389-ds-base - 389 Directory Server suite - server
 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
 389-ds-base-dev - 389 Directory Server suite - development files
 389-ds-base-libs - 389 Directory Server suite - libraries
 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Closes: 906985
Changes:
 389-ds-base (1.3.3.5-4+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-10935: Check if we are able to index the provided value.
     If we are not then slapd_qsort returns an error (LDAP_OPERATION_ERROR)
 .
     Fixes: Any authenticated user doing a search using ldapsearch with
     extended controls for server side sorting is bringing down the ldap
     server itself. (Closes: #906985).
   * CVE-2018-10871: Set nsslapd-unhashed-pw-switch by default to 'off'.
     Fixes: By default nsslapd-unhashed-pw-switch is set to 'on'. So a copy
     of the unhashed password is kept in modifiers and is possibly logged in
     changelog and retroCL.