RedHat has issued advisories on April 11 and April 12:
https://rhn.redhat.com/errata/RHSA-2017-0893.html
https://rhn.redhat.com/errata/RHSA-2017-0920.html

Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package.
CC: (none) => marja11
Assignee: bugsquad => pkg-bugs
CVE: (none) => CVE-2017-2668
CC: (none) => mageia
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Suggested advisory:
========================

The updated packages fix a security vulnerability:

An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668
https://rhn.redhat.com/errata/RHSA-2017-0893.html
https://rhn.redhat.com/errata/RHSA-2017-0920.html
========================

Updated packages in core/updates_testing:
========================
389-ds-base-1.3.4.14-1.2.mga5
lib(64)389-ds-base0-1.3.4.14-1.2.mga5
lib(64)389-ds-base-devel-1.3.4.14-1.2.mga5

from SRPMS:
389-ds-base-1.3.4.14-1.2.mga5.src.rpm
Assignee: pkg-bugs => qa-bugs
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
Whiteboard: (none) => advisory
CC: (none) => davidwhodgins
MGA5-32 on AsusA6000VM Xfce
No installation issues.
Completed test as per bug 11720 Comment 7 (tx Claire), all OK.

# systemctl start dirsrv@mach6.service
# systemctl -l status dirsrv@mach6.service
● dirsrv@mach6.service - 389 Directory Server mach6.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; static)
   Active: active (running) since vr 2017-04-28 10:08:35 CEST; 18s ago
  Process: 12182 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)
 Main PID: 12185 (ns-slapd)
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@mach6.service
           └─12185 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-mach6 -i /var/run/dirsrv/slapd-mach6.pid -w /var/run/dirsrv/slapd-mach6.startpid

# netstat -pant | grep 389
tcp6       0      0 :::389                  :::*                    LISTEN      12185/ns-slapd

# ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
defaultnamingcontext: dc=hviaene,dc=thuis
dataversion: 020170428080836
netscapemdsuffix: cn=ldap://dc=mach6,dc=hviaene,dc=thuis:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
Whiteboard: advisory => advisory MGA5-32-OK
CC: (none) => herman.viaene
Mageia 5 x86_64. After running setup-ds.pl ...

[root@x5v ~]# systemctl status dirsrv@x5v.service
● dirsrv@x5v.service - 389 Directory Server x5v.
   Loaded: loaded (/usr/lib/systemd/system/dirsrv@.service; enabled)
   Active: active (running) since Mon 2017-05-01 21:36:27 EDT; 2min 5s ago
  Process: 3218 ExecStart=/usr/sbin/ns-slapd -D /etc/dirsrv/slapd-%i -i /var/run/dirsrv/slapd-%i.pid -w /var/run/dirsrv/slapd-%i.startpid (code=exited, status=0/SUCCESS)
 Main PID: 3234 (ns-slapd)
   CGroup: /system.slice/system-dirsrv.slice/dirsrv@x5v.service
           └─3234 /usr/sbin/ns-slapd -D /etc/dirsrv/slapd-x5v -i /var/run/dirsrv/slapd-x5v.pid -w /var/run/dirsrv/slapd-x5v.startpid

May 01 21:36:27 x5v.hodgins.homeip.net systemd[1]: Starting 389 Directory Server x5v....
May 01 21:36:27 x5v.hodgins.homeip.net systemd[1]: Started 389 Directory Server x5v..

[root@x5v ~]# netstat -pant | grep 389
tcp6       0      0 :::389                  :::*                    LISTEN      3234/ns-slapd

[root@x5v ~]# ldapsearch -x -h localhost -s base -b "" "objectclass=*"
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: objectclass=*
# requesting: ALL
#

#
dn:
objectClass: top
defaultnamingcontext: dc=hodgins,dc=homeip,dc=net
dataversion: 020170502013627
netscapemdsuffix: cn=ldap://dc=x5v,dc=hodgins,dc=homeip,dc=net:389

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Validating the update.
Whiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0123.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED