CVE-2011-1067 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1067): slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not properly manage the c_timelimit field of the connection table element, which allows remote attackers to cause a denial of service (daemon outage) via Simple Paged Results connections, as demonstrated by using multiple processes to replay TCP sessions, a different vulnerability than CVE-2011-0019. CVE-2011-0532 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0532): The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. CVE-2011-0022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0022): The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x), when multiple unprivileged instances are configured, use 0777 permissions for the /var/run/dirsrv directory, which allows local users to cause a denial of service (daemon outage or arbitrary process termination) by replacing PID files contained in this directory. CVE-2011-0019 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0019): slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat Directory Server 8.2.x or dirsrv) does not properly handle simple paged result searches, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via multiple search requests. I guess 'slapd' and the scripts are in the ds-base package. Please correct that if I'm wrong.
CVE-2011-0532 I'm not sure that this vulnerability applies to gentoo
+*389-ds-base-1.2.8.2 (14 Jun 2011) + + 14 Jun 2011; Fabio Erculiani <lxnay@gentoo.org> +389-ds-base-1.2.8.2.ebuild, + -389-ds-base-1.2.6-r2.ebuild, -389-ds-base-1.2.7.5.ebuild: + version bump, fixes Gentoo bug #371633, drop older releases +*389-ds-base-1.2.8.3 (14 Jun 2011) + + 14 Jun 2011; Fabio Erculiani <lxnay@gentoo.org> +389-ds-base-1.2.8.3.ebuild, + -389-ds-base-1.2.8.2.ebuild: + version bump + +*idm-console-framework-1.1.7 (14 Jun 2011) + + 14 Jun 2011; Fabio Erculiani <lxnay@gentoo.org> + +idm-console-framework-1.1.7.ebuild: + version bump to 1.1.7 + +*389-admin-console-1.1.7 (14 Jun 2011) + + 14 Jun 2011; Fabio Erculiani <lxnay@gentoo.org> + +389-admin-console-1.1.7.ebuild, -389-admin-console-1.1.4-r1.ebuild, + -389-admin-console-1.1.5.ebuild: + version bump, fixes Gentoo bug #371633, drop older releases + +*389-admin-1.1.16 (14 Jun 2011) + + 14 Jun 2011; Fabio Erculiani <lxnay@gentoo.org> + -files/1.1.14_backports/0000-selinux-crash-fix.patch, + +389-admin-1.1.16.ebuild, -389-admin-1.1.11_rc1-r1.ebuild, + -389-admin-1.1.13.ebuild, + -files/1.1.14_backports/0001-ssl-segfault-fix.patch: + version bump, fixes Gentoo bug #371633, drop older releases + Fixes CVE-2011-0019, CVE-2011-0022, CVE-2011-0532, CVE-2011-1067 Please double check
(In reply to comment #2) > > Fixes CVE-2011-0019, CVE-2011-0022, CVE-2011-0532, CVE-2011-1067 > > Please double check I believe it does; thanks for the bump. Resolving noglsa for ~arch only package.
