Scientific Linux Security Update : 389-ds-base on SL7.x x86_64
Medium Nessus Plugin ID 107209
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)
- 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)
Bug Fix(es) :
- Previously, if an administrator configured an index for an attribute with a specific matching rule in the 'nsMatchingRule' parameter, Directory Server did not use the retrieved indexer. As a consequence, Directory Server did not index the values of this attribute with the specified matching rules, and searches with extended filters were unindexed. With this update, Directory Server uses the retrieved indexer that processes the specified matching rule. As a result, searches using extended filters with a specified matching rule are now indexed.
SolutionUpdate the affected packages.