SUSE-SU-2019:2155-1 -- SLES 389-dsID: oval:org.secpod.oval:def:89050591 | Date: (C)2023-10-16 (M)2023-10-15 |
Class: PATCH | Family: unix |
This update for 389-ds to version 1.4.0.26 fixes the following issues: Security issues fixed: - CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI . - CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8 . - CVE-2018-1089: Fixed a buffer overflow via large filter value . - CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers . - CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy . - CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries . - CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort . - CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS .
Platform: |
SUSE Linux Enterprise Server 15 |
SUSE Linux Enterprise Server 15 SP1 |