Amazon Linux 1 Security Advisory: ALAS-2013-255
Advisory Release Date: 2013-12-11 20:32 Pacific
Advisory Updated Date: 2014-09-16 22:05 Pacific
It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash.
Affected Packages:
389-ds-base
Issue Correction:
Run yum update 389-ds-base to update your system.
i686:
389-ds-base-devel-1.3.1.16-1.8.amzn1.i686
389-ds-base-libs-1.3.1.16-1.8.amzn1.i686
389-ds-base-1.3.1.16-1.8.amzn1.i686
389-ds-base-debuginfo-1.3.1.16-1.8.amzn1.i686
src:
389-ds-base-1.3.1.16-1.8.amzn1.src
x86_64:
389-ds-base-1.3.1.16-1.8.amzn1.x86_64
389-ds-base-debuginfo-1.3.1.16-1.8.amzn1.x86_64
389-ds-base-libs-1.3.1.16-1.8.amzn1.x86_64
389-ds-base-devel-1.3.1.16-1.8.amzn1.x86_64