Scientific Linux Security Update : 389-ds-base on SL7.x x86_64

Medium Nessus Plugin ID 107209


The remote Scientific Linux host is missing one or more security updates.


Security Fix(es) :

- 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)

- 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)

Bug Fix(es) :

- Previously, if an administrator configured an index for an attribute with a specific matching rule in the 'nsMatchingRule' parameter, Directory Server did not use the retrieved indexer. As a consequence, Directory Server did not index the values of this attribute with the specified matching rules, and searches with extended filters were unindexed. With this update, Directory Server uses the retrieved indexer that processes the specified matching rule. As a result, searches using extended filters with a specified matching rule are now indexed.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 107209

File Name: sl_20180306_389_ds_base_on_SL7_x.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/03/08

Modified: 2018/03/28

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2018/03/06

Reference Information

CVE: CVE-2017-15135, CVE-2018-1054