{"affected":[{"ecosystem_specific":{"binaries":[{"389-ds":"1.4.0.26~git0.8a2d3de6f-4.14.1","389-ds-devel":"1.4.0.26~git0.8a2d3de6f-4.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15","name":"389-ds","purl":"pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.0.26~git0.8a2d3de6f-4.14.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"389-ds":"1.4.0.26~git0.8a2d3de6f-4.14.1","389-ds-devel":"1.4.0.26~git0.8a2d3de6f-4.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP1","name":"389-ds","purl":"pkg:rpm/suse/389-ds&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.0.26~git0.8a2d3de6f-4.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for 389-ds to version 1.4.0.26 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-5416: Fixed an information disclosure where an anonymous user could read the default ACI (bsc#991201).\n- CVE-2018-1054: Fixed a denial of service via search filters in SetUnicodeStringFromUTF_8() (bsc#1083689).\n- CVE-2018-1089: Fixed a buffer overflow via large filter value (bsc#1092187).\n- CVE-2018-10871: Fixed an information disclosure in certain plugins leading to the disclosure of plaintext passwords to privileged attackers (bsc#1099465).\n- CVE-2018-14638: Fixed a denial of service through a crash in delete_passwdPolicy() (bsc#1108674).\n- CVE-2018-14648: Fixed a denial of service caused by malformed values in search queries (bsc#1109609).\n- CVE-2018-10935: Fixed a denial of service related to ldapsearch with server side sort (bsc#1105606).\n- CVE-2019-3883: Fixed a denial of service caused by hanging LDAP requests over TLS (bsc#1132385).\n","id":"SUSE-SU-2019:2155-1","modified":"2019-08-15T15:51:09Z","published":"2019-08-15T15:51:09Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192155-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092187"},{"type":"REPORT","url":"https://bugzilla.suse.com/1099465"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105606"},{"type":"REPORT","url":"https://bugzilla.suse.com/1108674"},{"type":"REPORT","url":"https://bugzilla.suse.com/1109609"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120189"},{"type":"REPORT","url":"https://bugzilla.suse.com/1132385"},{"type":"REPORT","url":"https://bugzilla.suse.com/1144797"},{"type":"REPORT","url":"https://bugzilla.suse.com/991201"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10871"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-10935"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14638"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-14648"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-3883"}],"related":["CVE-2016-5416","CVE-2018-1054","CVE-2018-10871","CVE-2018-1089","CVE-2018-10935","CVE-2018-14638","CVE-2018-14648","CVE-2019-3883"],"summary":"Security update for 389-ds","upstream":["CVE-2016-5416","CVE-2018-1054","CVE-2018-10871","CVE-2018-1089","CVE-2018-10935","CVE-2018-14638","CVE-2018-14648","CVE-2019-3883"]}