CVE-2021-3514: When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash. 1.4.4 branch patch: https://github.com/389ds/389-ds-base/commit/58dbf084a63e6dbbd999bf6a70475fad8255f26a Patch is in 1.4.4.16, please bump.
Package list is empty or all packages have requested keywords.
Ping
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d313250b77028f193e7590666973e8ba2a38270 commit 1d313250b77028f193e7590666973e8ba2a38270 Author: Robert Förster <Dessa@gmake.de> AuthorDate: 2021-07-28 13:09:56 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-08-12 07:49:50 +0000 net-nds/389-ds-base: remove vulnerable Bug: https://bugs.gentoo.org/794505 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Robert Förster <Dessa@gmake.de> Closes: https://github.com/gentoo/gentoo/pull/21815 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-nds/389-ds-base/389-ds-base-1.4.4.13.ebuild | 304 --------------------- net-nds/389-ds-base/Manifest | 34 --- .../files/389-ds-base-1.4.4.13-libxcrypt.patch | 66 ----- 3 files changed, 404 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c99b894acb927383fe0b2e47e02b93d0fdc352c commit 2c99b894acb927383fe0b2e47e02b93d0fdc352c Author: Robert Förster <Dessa@gmake.de> AuthorDate: 2021-07-28 13:09:01 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-08-12 07:49:25 +0000 net-nds/389-ds-base: bump to 1.4.4.16 with security fixes for CVE-2021-3514 and CVE-2021-3652 Bug: https://bugs.gentoo.org/794505 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Robert Förster <Dessa@gmake.de> Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-nds/389-ds-base/389-ds-base-1.4.4.16.ebuild | 299 +++++++++++++++++++++ net-nds/389-ds-base/Manifest | 26 ++ .../files/389-ds-base-1.4.4.16-crypt-import.patch | 118 ++++++++ 3 files changed, 443 insertions(+)
Thanks!