RedHat has issued an advisory on June 12: https://lwn.net/Articles/978093/ Mageia 9 is also affected.
Source RPM: (none) => 389-ds-base-1.4.0.26-19.mga10.src.rpmWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-3657, CVE-2024-2199
An update for 389-ds-base is now available for Red Hat Enterprise Linux 9 "description" "A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input." ns-slapd crashing in ldap_mods_free() I cannot find the correction... BTAIM assigning this globally.
Assignee: bugsquad => pkg-bugs
Fedora has issued an advisory on August 15: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V5A7PZM3C4OAOH6SYIBU4O45IMHPQBEB/
Summary: 389-ds-base new security issues CVE-2024-3657 and CVE-2024-2199 => 389-ds-base new security issues CVE-2024-1062, CVE-2024-2199, CVE-2024-3657 and CVE-2024-5953CVE: CVE-2024-3657, CVE-2024-2199 => CVE-2024-1062, CVE-2024-2199, CVE-2024-3657 and CVE-2024-5953