Red Hat has issued an advisory today (February 16):
https://rhn.redhat.com/errata/RHSA-2016-0204.html

The issue is fixed upstream in 1.3.4.7 (already in Cauldron).
Status: NEW => ASSIGNED
URL: (none) => http://lwn.net/Vulnerabilities/675820/
This bug has been resolved by upgrading to ver. 1.3.4.8

The following packages are now in updates_testing:

389-ds-base-1.3.4.8-1.mga5.src.rpm
389-ds-base-1.3.4.8-1.mga5.x86_64.rpm
lib64389-ds-base0-1.3.4.8-1.mga5.x86_64.rpm
lib64389-ds-base-devel-1.3.4.8-1.mga5.x86_64.rpm
389-ds-base-debuginfo-1.3.4.8-1.mga5.x86_64.rpm

and corresponding i586 packages
CC: (none) => thomas
Assignee: thomas => qa-bugs
Thanks Thomas!

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=11720#c7

Advisory:
========================

Updated 389-ds-base packages fix security vulnerability:

An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service) (CVE-2016-0741).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0741
https://rhn.redhat.com/errata/RHSA-2016-0204.html
Whiteboard: (none) => has_procedure
CC: (none) => davidwhodgins
Whiteboard: has_procedure => has_procedure advisory
MGA-32 on Acer D620 Xfce

No installation issues (older version already on the laptop)

Tested as per procedure in Comment 2, all OK.
CC: (none) => herman.viaene
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-32-OK
MGA5-64 on Lenovo B50

No installation issues (no older version already on the laptop)

Tested as per procedure in Comment 2, all OK.
Whiteboard: has_procedure advisory MGA5-32-OK => has_procedure advisory MGA5-32-OK MGA5-644-OK
Whiteboard: has_procedure advisory MGA5-32-OK MGA5-644-OK => has_procedure advisory MGA5-32-OK MGA5-64-OK
Setup as per https://bugs.mageia.org/show_bug.cgi?id=11720#c7

[root@x5v ~]# systemctl start dirsrv@x5v.service
[root@x5v ~]# systemctl status dirsrv@x5v.service
● dirsrv@x5v.service - 389 Directory Server x5v.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled)
   Active: active (running) since Fri 2016-02-19 13:24:32 EST; 5s ago
  Process: 3547 ExecStopPost=/bin/rm -f /var/run/dirsrv/slapd-%i.pid (code=exited, status=0/SUCCESS)
  Process: 3558 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)
 Main PID: 3559 (ns-slapd)
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@x5v.service
           └─3559 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-x5v -i /var/run/dirsrv/slapd-x5v.pid -w /var/run/dirsrv/slapd-x5v.startpid

Feb 19 13:24:32 x5v.hodgins.homeip.net systemd[1]: Starting 389 Directory Server x5v....
Feb 19 13:24:32 x5v.hodgins.homeip.net systemd[1]: Started 389 Directory Server x5v..
[root@x5v ~]# netstat -pant | grep 389
tcp6       0      0 :::389                  :::*                    LISTEN      3559/ns-slapd

The ldapsearch worked too.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0081.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED