Overview

File _patchinfo of Package patchinfo.2045

<patchinfo incident="2045">
  <issue id="1051997" tracker="bnc">VUL-0: CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes</issue>
  <issue id="997256" tracker="bnc">VUL-0: CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation</issue>
  <issue id="1007004" tracker="bnc">VUL-0: CVE-2016-5405: 389-ds: Password verification vulnerable to timing attack</issue>
  <issue id="1020670" tracker="bnc">VUL-1: CVE-2017-2591: 389-ds-base: Heap buffer overflow in uiduniq.c</issue>
  <issue id="1069067" tracker="bnc">VUL-0: CVE-2017-2668 389-ds Remote crash via crafted LDAP messages</issue>
  <issue id="1069074" tracker="bnc">VUL-0: CVE-2016-0741: 389-ds:  worker threads do not detect abnormally closed connections causing DoS</issue>
  <issue id="2017-7551" tracker="cve" />
  <issue id="2016-5405" tracker="cve" />
  <issue id="2017-2668" tracker="cve" />
  <issue id="2016-4992" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>guohouzuo</packager>
  <description>This update for 389-ds fixes the following issues:

- CVE-2017-7551: 389-ds-base: Password brute-force possible for locked account due to different return codes (bsc#1051997)
- CVE-2016-4992: 389-ds: Information disclosure via repeated use of LDAP ADD operation (bsc#997256)
- CVE-2016-5405: 389-ds: Password verification vulnerable to timing attack (bsc#1007004)
- CVE-2017-2591: 389-ds-base: Heap buffer overflow in uiduniq.c (bsc#1020670)
- CVE-2017-2668 389-ds Remote crash via crafted LDAP messages (bsc#1069067)
- CVE-2016-0741: 389-ds:  worker threads do not detect abnormally closed connections causing DoS (bsc#1069074)
</description>
  <summary>Security update for 389-ds</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places