RedHat has issued an advisory on April 28: https://rhn.redhat.com/errata/RHSA-2015-0895.html
The patches RedHat added are in this commit: https://git.centos.org/commit/rpms!389-ds-base.git/309aa9ee631432d72c845f70df2ce6475055423b
Whiteboard: (none) => MGA5TOO, MGA4TOO
I upgraded it to version 3.3.3.10 which fixes this bug, issue CVE-2015-1854. It's easier to maintain than to apply patches during the lifecycle of mga4 on this package. The following packages are now in updates testing (and asked for a freeze push in cauldron (mga5)):
389-ds-base-1.3.3.10-1.mga4.src.rpm
389-ds-base-1.3.3.10-1.mga4.x86_64.rpm
lib64389-ds-base0-1.3.3.10-1.mga4.x86_64.rpm
lib64389-ds-base-devel-1.3.3.10-1.mga4.x86_64.rpm
389-ds-base-debuginfo-1.3.3.10-1.mga4.x86_64.rpm
and corresponding i586 packages
Status: NEW => ASSIGNED
Thanks Thomas!
Package list in Comment 2.
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=11720#c7
Advisory:
========================
Updated 389-ds-base packages fix security vulnerability:
A flaw was found in the way Red Hat Directory Server performed authorization of modrdn operations. An unauthenticated attacker able to issue an ldapmodrdn call to the directory server could use this flaw to perform unauthorized modifications of entries in the directory server (CVE-2015-1854).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
https://rhn.redhat.com/errata/RHSA-2015-0895.html
CC: (none) => thomas
Version: Cauldron => 4
Assignee: thomas => qa-bugs
Whiteboard: MGA5TOO, MGA4TOO => has_procedure
Tested on a MGA-x86-64 VM and it works fine.
CC: (none) => shlomif
Whiteboard: has_procedure => MGA4-64-OK has_procedure
MGA4-32-OKing it because I tested it on an i586 VM and it's OK.
Whiteboard: MGA4-64-OK has_procedure => MGA4-64-OK has_procedure MGA4-32-OK
Thanks Shlomi. Validating. Advisory uploaded. Please push to 4 updates. Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA4-64-OK has_procedure MGA4-32-OK => MGA4-64-OK has_procedure advisory MGA4-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0183.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED