[Pkg-freeipa-devel] Bug#908859: 389-ds-base: CVE-2018-14638
Salvatore Bonaccorso
carnil at debian.org
Sat Sep 15 08:26:53 BST 2018
Source: 389-ds-base
Version: 1.4.0.15-1
Severity: grave
Tags: security
Control: found -1 1.3.8.2-1
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2018-14638[0]:
| A flaw was found in 389-ds-base before version 1.3.8.4-13. The process
| ns-slapd crashes in delete_passwdPolicy function when persistent
| search connections are terminated unexpectedly leading to remote
| denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14638
[1] https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Pkg-freeipa-devel
mailing list