548142 – (CVE-2015-1854) <net-nds/389-ds-base-1.3.4.8: access control bypass with modrdn

Bug 548142 (CVE-2015-1854) - <net-nds/389-ds-base-1.3.4.8: access control bypass with modrdn

Summary: <net-nds/389-ds-base-1.3.4.8: access control bypass with modrdn

Status:	RESOLVED FIXED

Alias:	CVE-2015-1854

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	http://directory.fedoraproject.org/do...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2015-04-29 15:53 UTC by Agostino Sarubbo
Modified:	2016-03-29 11:33 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2015-04-29 15:53:23 UTC

From ${URL} :

The 389 Directory Server team is proud to announce 389-ds-base version 1.3.3.10.

Fedora packages are available from the Fedora 21, 22 and Rawhide repositories.

The new packages and versions are:

389-ds-base-1.3.3.10-1
A source tarball is available for download at Download Source

Highlights in 1.3.3.10
One important security bug was fixed.

Detailed Changelog since 1.3.3.8
Bug 1216203 - CVE-2015-1854 389ds-base: access control bypass with modrdn [fedora-all]


@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.

Comment 1 William Brown 2016-02-07 01:49:06 UTC

Hi,

We have updated 389-ds-base to 1.3.4.7. This should resolve the issue.

Thanks,

Comment 2 Adam Feldman gentoo-dev

2016-02-07 01:55:50 UTC

Referenced commit 5a7174bf7122309eee568651fb5f3413155f9fc2

Comment 3 Aaron Bauman (RETIRED) gentoo-dev

2016-03-29 11:33:09 UTC

No vulnerable versions in tree.