ALAS-2013-255


Amazon Linux 1 Security Advisory: ALAS-2013-255
Advisory Release Date: 2013-12-11 20:32 Pacific
Advisory Updated Date: 2014-09-16 22:05 Pacific
Severity: Important

Issue Overview:

It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash.


Affected Packages:

389-ds-base


Issue Correction:
Run yum update 389-ds-base to update your system.

New Packages:
i686:
    389-ds-base-devel-1.3.1.16-1.8.amzn1.i686
    389-ds-base-libs-1.3.1.16-1.8.amzn1.i686
    389-ds-base-1.3.1.16-1.8.amzn1.i686
    389-ds-base-debuginfo-1.3.1.16-1.8.amzn1.i686

src:
    389-ds-base-1.3.1.16-1.8.amzn1.src

x86_64:
    389-ds-base-1.3.1.16-1.8.amzn1.x86_64
    389-ds-base-debuginfo-1.3.1.16-1.8.amzn1.x86_64
    389-ds-base-libs-1.3.1.16-1.8.amzn1.x86_64
    389-ds-base-devel-1.3.1.16-1.8.amzn1.x86_64
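
To confirm that the update under Issue Correction took effect, the installed 389-ds-base packages can be compared against the fixed build listed under New Packages. The script below is an added example, not part of the advisory: the function names `vr_at_least` and `audit_389ds` are hypothetical, the sample lines are constructed, and `sort -V` is assumed as an approximation of RPM's own version ordering.

```shell
#!/bin/sh
# Fixed VERSION-RELEASE, copied from this advisory's "New Packages" list.
FIXED_VR="1.3.1.16-1.8.amzn1"

# vr_at_least INSTALLED FIXED: succeeds when INSTALLED >= FIXED.
# Assumption: `sort -V` stands in for RPM's comparison; it orders the dotted
# numeric strings used by these builds correctly, but it is not rpmvercmp.
vr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_389ds: reads "NAME VERSION-RELEASE" lines on stdin, prints a verdict
# per line, and returns 1 if any listed package is older than FIXED_VR.
audit_389ds() {
    rc=0
    while read -r name vr rest; do
        [ -z "$name" ] && continue
        if [ "$name" = "package" ]; then   # rpm: "package X is not installed"
            echo "SKIP    $vr (not installed)"
        elif vr_at_least "$vr" "$FIXED_VR"; then
            echo "PATCHED $name $vr"
        else
            echo "UPDATE  $name $vr is older than $FIXED_VR"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of the output format requested from rpm below:
# one package still on an older build, one fixed, one not installed.
SAMPLE='389-ds-base 1.3.1.16-1.7.amzn1
389-ds-base-libs 1.3.1.16-1.8.amzn1
package 389-ds-base-devel is not installed'

printf '%s\n' "$SAMPLE" | audit_389ds || echo "Run: yum update 389-ds-base"

# On a live host, feed the real package database instead of the sample:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       389-ds-base 389-ds-base-libs 389-ds-base-devel | audit_389ds
```

After updating, restart the directory server so the running process uses the new binaries; the package check alone does not show which build is loaded in memory.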