ALAS-2016-664


Amazon Linux AMI Security Advisory: ALAS-2016-664
Advisory Release Date: 2016-03-10 16:30 Pacific
Severity: Important
References: CVE-2016-0741 

Issue Overview:

An infinite-loop vulnerability was discovered in the 389 directory server, where the server failed to correctly handle unexpectedly closed client connections. A remote attacker able to connect to the server could use this flaw to make the directory server consume an excessive amount of CPU and stop accepting connections (denial of service).


Affected Packages:

389-ds-base


Issue Correction:
Run yum update 389-ds-base to update your system.

New Packages:
i686:
    389-ds-base-devel-1.3.4.0-26.47.amzn1.i686
    389-ds-base-1.3.4.0-26.47.amzn1.i686
    389-ds-base-libs-1.3.4.0-26.47.amzn1.i686
    389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.i686

src:
    389-ds-base-1.3.4.0-26.47.amzn1.src

x86_64:
    389-ds-base-1.3.4.0-26.47.amzn1.x86_64
    389-ds-base-devel-1.3.4.0-26.47.amzn1.x86_64
    389-ds-base-debuginfo-1.3.4.0-26.47.amzn1.x86_64
    389-ds-base-libs-1.3.4.0-26.47.amzn1.x86_64