CVE-2017-15135 (GCVE-0-2017-15135)
Vulnerability from cvelistv5 – Published: 2018-01-24 15:00 – Updated: 2024-08-05 19:50
Summary
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.
Severity
No CVSS data available.
CWE
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/102811 | vdb-entry, x_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1525628 | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:0414 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:0515 | vendor-advisory, x_refsource_REDHAT |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisory, x_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version |
|---|---|---|
| Red Hat, Inc. | 389-ds-base | Affected: since 1.3.6.1 up to and including 1.4.0.3 |
Date Public
2017-12-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102811",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "since 1.3.6.1 up to and including 1.4.0.3"
}
]
}
],
"datePublic": "2017-12-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "102811",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525628"
},
{
"name": "RHSA-2018:0414",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-15135",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2017-10-08T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:50:16.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-15135",
"date": "2026-05-30",
"epss": "0.00254",
"percentile": "0.48877"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.3.6.1\", \"versionEndIncluding\": \"1.4.0.3\", \"matchCriteriaId\": \"9917C1A6-93B5-415D-B8F2-0131B9345A09\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto que 389-ds-base, desde la versi\\u00f3n 1.3.6.1 y hasta e incluyendo la versi\\u00f3n 1.4.0.3, no manipulaba siempre las operaciones de comparaci\\u00f3n de hash internas de manera correcta durante el proceso de autenticaci\\u00f3n. Un atacante remoto no autenticado podr\\u00eda emplear este error para omitir el proceso de autenticaci\\u00f3n bajo circunstancias muy excepcionales.\"}]",
"id": "CVE-2017-15135",
"lastModified": "2024-11-21T03:14:08.477",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-01-24T15:29:01.167",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/102811\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0414\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0515\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1525628\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/102811\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0414\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0515\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1525628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
}
}
}
SUSE-SU-2019:1207-1
Vulnerability from csaf_suse - Published: 2019-05-10 12:02 - Updated: 2019-05-10 12:02
Summary
Security update for 389-ds
Severity
Important
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10850: Fixed a race condition on reference counter that would lead
to a denial of service using persistent search (bsc#1096368)
- CVE-2017-15134: Fixed a remote denial of service via search filters in
slapi_filter_sprintf in slapd/util.c (bsc#1076530)
- CVE-2017-15135: Fixed authentication bypass due to lack of size check in
slapi_ct_memcmp function in ch_malloc.c (bsc#1076530)
- CVE-2018-10935: Fixed an issue that allowed users to cause a crash via
ldapsearch with server side sorts (bsc#1105606)
- CVE-2018-14624: The lock controlling the error log was not correctly used
when re-opening the log file in log__error_emergency(), allowing an attacker to
send a flood of modifications to a very large DN, which could have caused slapd
to crash (bsc#1106699).
Patchnames: SUSE-2019-1207,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1207,SUSE-SLE-Module-Server-Applications-15-2019-1207
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
low
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
low
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\nThe following security vulnerabilities were addressed:\n\n- CVE-2018-10850: Fixed a race condition on reference counter that would lead\n to a denial of service using persistent search (bsc#1096368)\n- CVE-2017-15134: Fixed a remote denial of service via search filters in\n slapi_filter_sprintf in slapd/util.c (bsc#1076530)\n- CVE-2017-15135: Fixed authentication bypass due to lack of size check in\n slapi_ct_memcmp function in ch_malloc.c (bsc#1076530)\n- CVE-2018-10935: Fixed an issue that allowed users to cause a crash via\n ldapsearch with server side sorts (bsc#1105606)\n- CVE-2018-14624: The lock controlling the error log was not correctly used\n when re-opening the log file in log__error_emergency(), allowing an attacker to\n send a flood of modifications to a very large DN, which could have caused slapd\n to crash (bsc#1106699).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1207,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1207,SUSE-SLE-Module-Server-Applications-15-2019-1207",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1207-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1207-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191207-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1207-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005444.html"
},
{
"category": "self",
"summary": "SUSE Bug 1076530",
"url": "https://bugzilla.suse.com/1076530"
},
{
"category": "self",
"summary": "SUSE Bug 1096368",
"url": "https://bugzilla.suse.com/1096368"
},
{
"category": "self",
"summary": "SUSE Bug 1105606",
"url": "https://bugzilla.suse.com/1105606"
},
{
"category": "self",
"summary": "SUSE Bug 1106699",
"url": "https://bugzilla.suse.com/1106699"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15134 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15135 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10850 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10935 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14624 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14624/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2019-05-10T12:02:53Z",
"generator": {
"date": "2019-05-10T12:02:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1207-1",
"initial_release_date": "2019-05-10T12:02:53Z",
"revision_history": [
{
"date": "2019-05-10T12:02:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-1.4.0.3-4.7.52.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-1.4.0.3-4.7.52.i586"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.i586"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-1.4.0.3-4.7.52.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-1.4.0.3-4.7.52.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-1.4.0.3-4.7.52.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15134"
}
],
"notes": [
{
"category": "general",
"text": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15134",
"url": "https://www.suse.com/security/cve/CVE-2017-15134"
},
{
"category": "external",
"summary": "SUSE Bug 1007004 for CVE-2017-15134",
"url": "https://bugzilla.suse.com/1007004"
},
{
"category": "external",
"summary": "SUSE Bug 1076530 for CVE-2017-15134",
"url": "https://bugzilla.suse.com/1076530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-10T12:02:53Z",
"details": "low"
}
],
"title": "CVE-2017-15134"
},
{
"cve": "CVE-2017-15135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15135"
}
],
"notes": [
{
"category": "general",
"text": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15135",
"url": "https://www.suse.com/security/cve/CVE-2017-15135"
},
{
"category": "external",
"summary": "SUSE Bug 1007004 for CVE-2017-15135",
"url": "https://bugzilla.suse.com/1007004"
},
{
"category": "external",
"summary": "SUSE Bug 1076530 for CVE-2017-15135",
"url": "https://bugzilla.suse.com/1076530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-10T12:02:53Z",
"details": "low"
}
],
"title": "CVE-2017-15135"
},
{
"cve": "CVE-2018-10850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10850"
}
],
"notes": [
{
"category": "general",
"text": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10850",
"url": "https://www.suse.com/security/cve/CVE-2018-10850"
},
{
"category": "external",
"summary": "SUSE Bug 1096368 for CVE-2018-10850",
"url": "https://bugzilla.suse.com/1096368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-10T12:02:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-10850"
},
{
"cve": "CVE-2018-10935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10935",
"url": "https://www.suse.com/security/cve/CVE-2018-10935"
},
{
"category": "external",
"summary": "SUSE Bug 1105606 for CVE-2018-10935",
"url": "https://bugzilla.suse.com/1105606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-10T12:02:53Z",
"details": "moderate"
}
],
"title": "CVE-2018-10935"
},
{
"cve": "CVE-2018-14624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14624"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14624",
"url": "https://www.suse.com/security/cve/CVE-2018-14624"
},
{
"category": "external",
"summary": "SUSE Bug 1106699 for CVE-2018-14624",
"url": "https://bugzilla.suse.com/1106699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-10T12:02:53Z",
"details": "important"
}
],
"title": "CVE-2018-14624"
}
]
}
SUSE-SU-2019:1207-2
Vulnerability from csaf_suse - Published: 2019-07-01 13:04 - Updated: 2019-07-01 13:04
Summary
Security update for 389-ds
Severity
Important
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds fixes the following issues:
The following security vulnerabilities were addressed:
- CVE-2018-10850: Fixed a race condition on reference counter that would lead to a denial of service using persistent search (bsc#1096368)
- CVE-2017-15134: Fixed a remote denial of service via search filters in slapi_filter_sprintf in slapd/util.c (bsc#1076530)
- CVE-2017-15135: Fixed authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (bsc#1076530)
- CVE-2018-10935: Fixed an issue that allowed users to cause a crash via ldapsearch with server side sorts (bsc#1105606)
- CVE-2018-14624: The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(), allowing an attacker to send a flood of modifications to a very large DN, which could have caused slapd to crash (bsc#1106699).
Patchnames: SUSE-2019-1207,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1207,SUSE-SLE-Module-Server-Applications-15-SP1-2019-1207
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
low
8.1 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
low
5.9 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\nThe following security vulnerabilities were addressed:\n\n- CVE-2018-10850: Fixed a race condition on reference counter that would lead\n to a denial of service using persistent search (bsc#1096368)\n- CVE-2017-15134: Fixed a remote denial of service via search filters in\n slapi_filter_sprintf in slapd/util.c (bsc#1076530)\n- CVE-2017-15135: Fixed authentication bypass due to lack of size check in\n slapi_ct_memcmp function in ch_malloc.c (bsc#1076530)\n- CVE-2018-10935: Fixed an issue that allowed users to cause a crash via\n ldapsearch with server side sorts (bsc#1105606)\n- CVE-2018-14624: The lock controlling the error log was not correctly used\n when re-opening the log file in log__error_emergency(), allowing an attacker to\n send a flood of modifications to a very large DN, which could have caused slapd\n to crash (bsc#1106699).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1207,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1207,SUSE-SLE-Module-Server-Applications-15-SP1-2019-1207",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1207-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1207-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191207-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1207-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-July/005641.html"
},
{
"category": "self",
"summary": "SUSE Bug 1076530",
"url": "https://bugzilla.suse.com/1076530"
},
{
"category": "self",
"summary": "SUSE Bug 1096368",
"url": "https://bugzilla.suse.com/1096368"
},
{
"category": "self",
"summary": "SUSE Bug 1105606",
"url": "https://bugzilla.suse.com/1105606"
},
{
"category": "self",
"summary": "SUSE Bug 1106699",
"url": "https://bugzilla.suse.com/1106699"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15134 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15135 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10850 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10850/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10935 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14624 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14624/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2019-07-01T13:04:11Z",
"generator": {
"date": "2019-07-01T13:04:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1207-2",
"initial_release_date": "2019-07-01T13:04:11Z",
"revision_history": [
{
"date": "2019-07-01T13:04:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-1.4.0.3-4.7.52.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.aarch64",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.aarch64",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-1.4.0.3-4.7.52.i586"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.i586"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.i586",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.i586",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-1.4.0.3-4.7.52.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-1.4.0.3-4.7.52.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.s390x",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.s390x",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-1.4.0.3-4.7.52.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-devel-1.4.0.3-4.7.52.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.3-4.7.52.x86_64",
"product": {
"name": "389-ds-snmp-1.4.0.3-4.7.52.x86_64",
"product_id": "389-ds-snmp-1.4.0.3-4.7.52.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.3-4.7.52.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64"
},
"product_reference": "389-ds-1.4.0.3-4.7.52.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.3-4.7.52.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
},
"product_reference": "389-ds-devel-1.4.0.3-4.7.52.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-15134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15134"
}
],
"notes": [
{
"category": "general",
"text": "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15134",
"url": "https://www.suse.com/security/cve/CVE-2017-15134"
},
{
"category": "external",
"summary": "SUSE Bug 1007004 for CVE-2017-15134",
"url": "https://bugzilla.suse.com/1007004"
},
{
"category": "external",
"summary": "SUSE Bug 1076530 for CVE-2017-15134",
"url": "https://bugzilla.suse.com/1076530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-01T13:04:11Z",
"details": "low"
}
],
"title": "CVE-2017-15134"
},
{
"cve": "CVE-2017-15135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15135"
}
],
"notes": [
{
"category": "general",
"text": "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15135",
"url": "https://www.suse.com/security/cve/CVE-2017-15135"
},
{
"category": "external",
"summary": "SUSE Bug 1007004 for CVE-2017-15135",
"url": "https://bugzilla.suse.com/1007004"
},
{
"category": "external",
"summary": "SUSE Bug 1076530 for CVE-2017-15135",
"url": "https://bugzilla.suse.com/1076530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-01T13:04:11Z",
"details": "low"
}
],
"title": "CVE-2017-15135"
},
{
"cve": "CVE-2018-10850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10850"
}
],
"notes": [
{
"category": "general",
"text": "389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. An anonymous attacker could use this flaw to trigger a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10850",
"url": "https://www.suse.com/security/cve/CVE-2018-10850"
},
{
"category": "external",
"summary": "SUSE Bug 1096368 for CVE-2018-10850",
"url": "https://bugzilla.suse.com/1096368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-01T13:04:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-10850"
},
{
"cve": "CVE-2018-10935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10935",
"url": "https://www.suse.com/security/cve/CVE-2018-10935"
},
{
"category": "external",
"summary": "SUSE Bug 1105606 for CVE-2018-10935",
"url": "https://bugzilla.suse.com/1105606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-01T13:04:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-10935"
},
{
"cve": "CVE-2018-14624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14624"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in log__error_emergency(). An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14624",
"url": "https://www.suse.com/security/cve/CVE-2018-14624"
},
{
"category": "external",
"summary": "SUSE Bug 1106699 for CVE-2018-14624",
"url": "https://bugzilla.suse.com/1106699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.3-4.7.52.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.3-4.7.52.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-01T13:04:11Z",
"details": "important"
}
],
"title": "CVE-2018-14624"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.