Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-10935 (GCVE-0-2018-10935)
Vulnerability from cvelistv5 – Published: 2018-09-11 15:00 – Updated: 2024-08-05 07:54
VLAI
EPSS
Summary
A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.
Severity
6.5 (Medium)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2757 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2018… | mailing-listx_refsource_MLIST |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | 389-ds-base |
Affected:
n/a
|
Date Public
2018-07-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:54:35.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "389-ds-base",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-15T20:06:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2757",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1397",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2757",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2757"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935"
},
{
"name": "[debian-lts-announce] 20180830 [SECURITY] [DLA 1483-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"name": "openSUSE-SU-2019:1397",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-10935",
"datePublished": "2018-09-11T15:00:00.000Z",
"dateReserved": "2018-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T07:54:35.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-10935",
"date": "2026-05-29",
"epss": "0.00436",
"percentile": "0.63219"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10935\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-09-11T15:29:00.343\",\"lastModified\":\"2024-11-21T03:42:20.647\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un error en 389 Directory Server que permite que los usuarios provoquen el cierre inesperado del servidor LDAP mediante el uso de ldapsearch con orden del lado del servidor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.0.0\",\"versionEndExcluding\":\"1.3.8.7\",\"matchCriteriaId\":\"B6FC9550-26E5-4B75-B87A-58D8DBF54D87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:389_directory_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0.0\",\"versionEndExcluding\":\"1.4.0.14\",\"matchCriteriaId\":\"E38A6175-FC4D-47B4-8960-4FEB34BC8166\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2757\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2757\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2019:2155-1
Vulnerability from csaf_suse - Published: 2019-08-15 15:51 - Updated: 2019-08-15 15:51Summary
Security update for 389-ds
Severity
Important
Notes
Title of the patch: Security update for 389-ds
Description of the patch: This update for 389-ds to version 1.4.0.26 fixes the following issues:
Security issues fixed:
- CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201).
- CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689).
- CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187).
- CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465).
- CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674).
- CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609).
- CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606).
- CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).
Patchnames: SUSE-2019-2155,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2155,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2155,SUSE-SLE-Module-Server-Applications-15-2019-2155,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2155
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds to version 1.4.0.26 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-5416: Fixed an information disclosure where a anonymous user could read the default ACI (bsc#991201).\n- CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689).\n- CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187).\n- CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext password to an privileged attackers (bsc#1099465).\n- CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy () (bsc#1108674).\n- CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609).\n- CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606).\n- CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-2155,SUSE-SLE-Module-Development-Tools-OBS-15-2019-2155,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2155,SUSE-SLE-Module-Server-Applications-15-2019-2155,SUSE-SLE-Module-Server-Applications-15-SP1-2019-2155",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2155-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:2155-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192155-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:2155-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-August/005817.html"
},
{
"category": "self",
"summary": "SUSE Bug 1083689",
"url": "https://bugzilla.suse.com/1083689"
},
{
"category": "self",
"summary": "SUSE Bug 1092187",
"url": "https://bugzilla.suse.com/1092187"
},
{
"category": "self",
"summary": "SUSE Bug 1099465",
"url": "https://bugzilla.suse.com/1099465"
},
{
"category": "self",
"summary": "SUSE Bug 1105606",
"url": "https://bugzilla.suse.com/1105606"
},
{
"category": "self",
"summary": "SUSE Bug 1108674",
"url": "https://bugzilla.suse.com/1108674"
},
{
"category": "self",
"summary": "SUSE Bug 1109609",
"url": "https://bugzilla.suse.com/1109609"
},
{
"category": "self",
"summary": "SUSE Bug 1120189",
"url": "https://bugzilla.suse.com/1120189"
},
{
"category": "self",
"summary": "SUSE Bug 1132385",
"url": "https://bugzilla.suse.com/1132385"
},
{
"category": "self",
"summary": "SUSE Bug 1144797",
"url": "https://bugzilla.suse.com/1144797"
},
{
"category": "self",
"summary": "SUSE Bug 991201",
"url": "https://bugzilla.suse.com/991201"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5416 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1054 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10871 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1089 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10935 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10935/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14638 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14638/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14648 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3883 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3883/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2019-08-15T15:51:09Z",
"generator": {
"date": "2019-08-15T15:51:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:2155-1",
"initial_release_date": "2019-08-15T15:51:09Z",
"revision_history": [
{
"date": "2019-08-15T15:51:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product_id": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product_id": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product": {
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product_id": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product": {
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"product_id": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product_id": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product_id": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product_id": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product": {
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"product_id": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product_id": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product_id": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product": {
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product_id": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product": {
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"product_id": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product_id": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product_id": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product": {
"name": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product_id": "389-ds-snmp-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product": {
"name": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"product_id": "libsvrcore0-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
},
"product_reference": "389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5416"
}
],
"notes": [
{
"category": "general",
"text": "389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5416",
"url": "https://www.suse.com/security/cve/CVE-2016-5416"
},
{
"category": "external",
"summary": "SUSE Bug 991201 for CVE-2016-5416",
"url": "https://bugzilla.suse.com/991201"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "moderate"
}
],
"title": "CVE-2016-5416"
},
{
"cve": "CVE-2018-1054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1054"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1054",
"url": "https://www.suse.com/security/cve/CVE-2018-1054"
},
{
"category": "external",
"summary": "SUSE Bug 1083689 for CVE-2018-1054",
"url": "https://bugzilla.suse.com/1083689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "important"
}
],
"title": "CVE-2018-1054"
},
{
"cve": "CVE-2018-10871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10871"
}
],
"notes": [
{
"category": "general",
"text": "389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently high privileges, such as root or Directory Manager, can query these files in order to retrieve plaintext passwords.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10871",
"url": "https://www.suse.com/security/cve/CVE-2018-10871"
},
{
"category": "external",
"summary": "SUSE Bug 1099465 for CVE-2018-10871",
"url": "https://bugzilla.suse.com/1099465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-10871"
},
{
"cve": "CVE-2018-1089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1089"
}
],
"notes": [
{
"category": "general",
"text": "389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1089",
"url": "https://www.suse.com/security/cve/CVE-2018-1089"
},
{
"category": "external",
"summary": "SUSE Bug 1092187 for CVE-2018-1089",
"url": "https://bugzilla.suse.com/1092187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "important"
}
],
"title": "CVE-2018-1089"
},
{
"cve": "CVE-2018-10935",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10935"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10935",
"url": "https://www.suse.com/security/cve/CVE-2018-10935"
},
{
"category": "external",
"summary": "SUSE Bug 1105606 for CVE-2018-10935",
"url": "https://bugzilla.suse.com/1105606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "moderate"
}
],
"title": "CVE-2018-10935"
},
{
"cve": "CVE-2018-14638",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14638"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in 389-ds-base before version 1.3.8.4-13. The process ns-slapd crashes in delete_passwdPolicy function when persistent search connections are terminated unexpectedly leading to remote denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14638",
"url": "https://www.suse.com/security/cve/CVE-2018-14638"
},
{
"category": "external",
"summary": "SUSE Bug 1108674 for CVE-2018-14638",
"url": "https://bugzilla.suse.com/1108674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "important"
}
],
"title": "CVE-2018-14638"
},
{
"cve": "CVE-2018-14648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14648"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14648",
"url": "https://www.suse.com/security/cve/CVE-2018-14648"
},
{
"category": "external",
"summary": "SUSE Bug 1109609 for CVE-2018-14648",
"url": "https://bugzilla.suse.com/1109609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "important"
}
],
"title": "CVE-2018-14648"
},
{
"cve": "CVE-2019-3883",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3883"
}
],
"notes": [
{
"category": "general",
"text": "In 389-ds-base up to version 1.4.1.2, requests are handled by workers threads. Each sockets will be waited by the worker for at most \u0027ioblocktimeout\u0027 seconds. However this timeout applies only for un-encrypted requests. Connections using SSL/TLS are not taking this timeout into account during reads, and may hang longer.An unauthenticated attacker could repeatedly create hanging LDAP requests to hang all the workers, resulting in a Denial of Service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3883",
"url": "https://www.suse.com/security/cve/CVE-2019-3883"
},
{
"category": "external",
"summary": "SUSE Bug 1132385 for CVE-2019-3883",
"url": "https://bugzilla.suse.com/1132385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15:389-ds-devel-1.4.0.26~git0.8a2d3de6f-4.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-08-15T15:51:09Z",
"details": "moderate"
}
],
"title": "CVE-2019-3883"
}
]
}
VAR-201809-0650
Vulnerability from variot - Updated: 2024-11-23 21:31A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. 389 Directory Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat389DirectoryServer (formerly known as FedoraDirectoryServer) is an enterprise-class Linux directory server from RedHat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. A security vulnerability exists in RedHat389DirectoryServer. An attacker could exploit the vulnerability to cause a denial of service (crash). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: 389-ds-base security and bug fix update Advisory ID: RHSA-2018:2757-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2757 Issue date: 2018-09-25 CVE Names: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624 CVE-2018-14638 ==================================================================== 1. Summary:
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
Security Fix(es):
-
389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850)
-
389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935)
-
389-ds-base: Server crash through modify command with large DN (CVE-2018-14624)
-
389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2018-14638)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the CVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat).
Bug Fix(es):
-
Previously, the nucn-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". (BZ#1614836)
-
When a search evaluates the "shadowAccount" entry, Directory Server adds the shadow attributes to the entry. If the fine-grained password policy is enabled, the "shadowAccount" entry can contain its own "pwdpolicysubentry" policy attribute. Previously, to retrieve this attribute, the server started an internal search for each "shadowAccount" entry, which was unnecessary because the entry was already known to the server. As a result, the performance of searches, such as response time and throughput, is improved. (BZ#1615924)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the 389 server service will be restarted automatically.
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm
x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
aarch64: 389-ds-base-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.aarch64.rpm
ppc64le: 389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
ppc64: 389-ds-base-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.ppc64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64.rpm
ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm
s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm
x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
aarch64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.aarch64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.aarch64.rpm
ppc64le: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm
s390x: 389-ds-base-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: 389-ds-base-1.3.7.5-28.el7_5.src.rpm
x86_64: 389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: 389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm 389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-10850 https://access.redhat.com/security/cve/CVE-2018-10935 https://access.redhat.com/security/cve/CVE-2018-14624 https://access.redhat.com/security/cve/CVE-2018-14638 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW6qI2dzjgjWX9erEAQgW5g//Xn0tMzXPX9ttN9u/n6vEr3kEio7meGc8 g70R7mtWsJj5z3VfnvFD5mRmQQinsMJXI0/IUfBU+X/oZb7rGI33ALYh0lg1rerc 2jxXBAwJKpSwkstFvJiUs2XOznh3VaYkwg/UxqEtkh4xSnO1WfbFJpHhoPIf6d8Y Cu7ymH+3VGLTR3N11HJzbrmKdmyt3p/s8UGuKO0Lh6rtnSdtM7eq5mfOYgRAp/Wm PZgVCLexexfVNzqzIjkt/KzpNrobFJUryZbXrafVpq14nUAWFRWDN4TCzUdDd0GA um46apVZHH2mAZuq+FIvokFBIIxW2DEvxj/c2UiZqDv2o7TOocssOJXw4CUIsitD QZBLnlmH/jq/L4HHwnT/4eshz2kX6yEYVNP7Nhv4bamEC7eu0y8anItyErZ7+w2L aY/3kL3uWssWnU9ESyIXvex34HmcHK0FzeBKV5ZUEwBXfdjBAGf5k8l0MyoyiS7D FK+OxXsLaORs66GaPA1MHAyAscIVTElu0GQRInDQKCgRf3uvzKT3UammoPF6Djk4 DxxIVjFV7ZExade0XdjlpkI4kUItvxXRnvAX7nT34D+jBny3WuWuVCLHUcrvYaZl hf1pBHkwR/kuK/BHh99QM/JrfvJixe0Nwosdi+ra1TO2eB2/TPtJUdeoiMcoF7qA emssayK3UGk=rOwt -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0650",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "389 directory server",
"scope": "gte",
"trust": 1.0,
"vendor": "redhat",
"version": "1.3.0.0"
},
{
"model": "389 directory server",
"scope": "gte",
"trust": 1.0,
"vendor": "redhat",
"version": "1.4.0.0"
},
{
"model": "389 directory server",
"scope": "lt",
"trust": 1.0,
"vendor": "redhat",
"version": "1.3.8.7"
},
{
"model": "389 directory server",
"scope": "lt",
"trust": 1.0,
"vendor": "redhat",
"version": "1.4.0.14"
},
{
"model": "389 directory server",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "hat directory server",
"scope": "eq",
"trust": 0.6,
"vendor": "red",
"version": "389"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:fedoraproject:389_directory_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "149538"
}
],
"trust": 0.1
},
"cve": "CVE-2018-10935",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-10935",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19614",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "secalert@redhat.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-10935",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-10935",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10935",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "secalert@redhat.com",
"id": "CVE-2018-10935",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-10935",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-19614",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10935",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. 389 Directory Server Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. RedHat389DirectoryServer (formerly known as FedoraDirectoryServer) is an enterprise-class Linux directory server from RedHat. The server fully supports the LDAPv3 specification and features scalable, multi-master replication. A security vulnerability exists in RedHat389DirectoryServer. An attacker could exploit the vulnerability to cause a denial of service (crash). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: 389-ds-base security and bug fix update\nAdvisory ID: RHSA-2018:2757-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:2757\nIssue date: 2018-09-25\nCVE Names: CVE-2018-10850 CVE-2018-10935 CVE-2018-14624\n CVE-2018-14638\n====================================================================\n1. Summary:\n\nAn update for 389-ds-base is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. \n\nSecurity Fix(es):\n\n* 389-ds-base: race condition on reference counter leads to DoS using\npersistent search (CVE-2018-10850)\n\n* 389-ds-base: ldapsearch with server side sort allows users to cause a\ncrash (CVE-2018-10935)\n\n* 389-ds-base: Server crash through modify command with large DN\n(CVE-2018-14624)\n\n* 389-ds-base: Crash in delete_passwdPolicy when persistent search\nconnections are terminated unexpectedly (CVE-2018-14638)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nThe CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the\nCVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat). \n\nBug Fix(es):\n\n* Previously, the nucn-stans framework was enabled by default in Directory\nServer, but the framework is not stable. As a consequence, deadlocks and\nfile descriptor leaks could occur. This update changes the default value of\nthe nsslapd-enable-nunc-stans parameter to \"off\". (BZ#1614836)\n\n* When a search evaluates the \"shadowAccount\" entry, Directory Server adds\nthe shadow attributes to the entry. If the fine-grained password policy is\nenabled, the \"shadowAccount\" entry can contain its own \"pwdpolicysubentry\"\npolicy attribute. Previously, to retrieve this attribute, the server\nstarted an internal search for each \"shadowAccount\" entry, which was\nunnecessary because the entry was already known to the server. As a result, the performance of searches, such as response time and\nthroughput, is improved. (BZ#1615924)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the 389 server service will be restarted\nautomatically. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\nx86_64:\n389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\nx86_64:\n389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\nppc64le:\n389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm\n\nx86_64:\n389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\naarch64:\n389-ds-base-1.3.7.5-28.el7_5.aarch64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.aarch64.rpm\n\nppc64le:\n389-ds-base-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\nppc64:\n389-ds-base-1.3.7.5-28.el7_5.ppc64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.ppc64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.ppc64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64.rpm\n\nppc64le:\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm\n\ns390x:\n389-ds-base-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm\n\nx86_64:\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\naarch64:\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.aarch64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.aarch64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.aarch64.rpm\n\nppc64le:\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.ppc64le.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.ppc64le.rpm\n\ns390x:\n389-ds-base-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.s390x.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\n389-ds-base-1.3.7.5-28.el7_5.src.rpm\n\nx86_64:\n389-ds-base-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-libs-1.3.7.5-28.el7_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\n389-ds-base-debuginfo-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-devel-1.3.7.5-28.el7_5.x86_64.rpm\n389-ds-base-snmp-1.3.7.5-28.el7_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-10850\nhttps://access.redhat.com/security/cve/CVE-2018-10935\nhttps://access.redhat.com/security/cve/CVE-2018-14624\nhttps://access.redhat.com/security/cve/CVE-2018-14638\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW6qI2dzjgjWX9erEAQgW5g//Xn0tMzXPX9ttN9u/n6vEr3kEio7meGc8\ng70R7mtWsJj5z3VfnvFD5mRmQQinsMJXI0/IUfBU+X/oZb7rGI33ALYh0lg1rerc\n2jxXBAwJKpSwkstFvJiUs2XOznh3VaYkwg/UxqEtkh4xSnO1WfbFJpHhoPIf6d8Y\nCu7ymH+3VGLTR3N11HJzbrmKdmyt3p/s8UGuKO0Lh6rtnSdtM7eq5mfOYgRAp/Wm\nPZgVCLexexfVNzqzIjkt/KzpNrobFJUryZbXrafVpq14nUAWFRWDN4TCzUdDd0GA\num46apVZHH2mAZuq+FIvokFBIIxW2DEvxj/c2UiZqDv2o7TOocssOJXw4CUIsitD\nQZBLnlmH/jq/L4HHwnT/4eshz2kX6yEYVNP7Nhv4bamEC7eu0y8anItyErZ7+w2L\naY/3kL3uWssWnU9ESyIXvex34HmcHK0FzeBKV5ZUEwBXfdjBAGf5k8l0MyoyiS7D\nFK+OxXsLaORs66GaPA1MHAyAscIVTElu0GQRInDQKCgRf3uvzKT3UammoPF6Djk4\nDxxIVjFV7ZExade0XdjlpkI4kUItvxXRnvAX7nT34D+jBny3WuWuVCLHUcrvYaZl\nhf1pBHkwR/kuK/BHh99QM/JrfvJixe0Nwosdi+ra1TO2eB2/TPtJUdeoiMcoF7qA\nemssayK3UGk=rOwt\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "PACKETSTORM",
"id": "149538"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10935",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-19614",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2394",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1661",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3144",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201809-560",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2018-10935",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "149538",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "PACKETSTORM",
"id": "149538"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"id": "VAR-201809-0650",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
}
]
},
"last_update_date": "2024-11-23T21:31:23.711000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://directory.fedoraproject.org/"
},
{
"title": "Patch for RedHat389DirectoryServer Denial of Service Vulnerability (CNVD-2018-19614)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/140895"
},
{
"title": "Debian CVElist Bug Report Logs: 389-ds-base: CVE-2018-10935: ldapsearch with server side sort allows users to cause a crash",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4cd337837ef235c9819f4c0a08ff6332"
},
{
"title": "Red Hat: Moderate: 389-ds-base security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182757 - Security Advisory"
},
{
"title": "Red Hat: Moderate: 389-ds-base security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183127 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2018-1094",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1094"
},
{
"title": "Amazon Linux 2: ALAS2-2018-1094",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1094"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
},
{
"problemtype": "CWE-400",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-10935"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2018:2757"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00032.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10935"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10935"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191207-2.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192155-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191207-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/80690"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2394/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3144/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59033"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10850"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14638"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10850"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14638"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14624"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14624"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-10935"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "PACKETSTORM",
"id": "149538"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"db": "PACKETSTORM",
"id": "149538"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"date": "2018-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"date": "2018-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"date": "2018-09-25T22:59:06",
"db": "PACKETSTORM",
"id": "149538"
},
{
"date": "2018-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"date": "2018-09-11T15:29:00.343000",
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19614"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10935"
},
{
"date": "2018-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009265"
},
{
"date": "2019-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-560"
},
{
"date": "2024-11-21T03:42:20.647000",
"db": "NVD",
"id": "CVE-2018-10935"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "389 Directory Server Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009265"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-560"
}
],
"trust": 0.6
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…