[Pkg-fedora-ds-maintainers] Bug#851769: Bug#851769: 389-ds-base: CVE-2017-2591

Salvatore Bonaccorso carnil at debian.org
Thu Jan 26 20:38:13 UTC 2017


Hi Timo

Thanks a lot for looking into the issue!

On Thu, Jan 26, 2017 at 10:29:16PM +0200, Timo Aaltonen wrote:
> On 18.01.2017 18:16, Salvatore Bonaccorso wrote:
> > Source: 389-ds-base
> > Version: 1.3.5.15-1
> > Severity: grave
> > Tags: security upstream patch
> > Justification: user security hole
> > 
> > Hi,
> > 
> > the following vulnerability was published for 389-ds-base. Chose
> > severity > important, since possibly as well triggerable by
> > unauthenticated attackers, but I'm not too familiar if that setup is
> > common.
> > 
> > CVE-2017-2591[0]:
> > DoS via OOB heap read in "attribute uniqueness" plugin
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > 
> > For further information see:
> > 
> > [0] https://security-tracker.debian.org/tracker/CVE-2017-2591
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591
> 
> Hi,
> I don't understand the tags.. is there a patch somewhere? I can't find
> anything upstream, and the CVE links don't give anything useful either.

MITRE has not yet updated their page. But if you follow the first link
to the security-tracker the patch is referenced.

It is
https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/

according to the original post on oss-security, which describes the
issue:

https://marc.info/?l=oss-security&m=148475299128091&w=2

Does this help?

Regards,
Salvatore
