-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : 389-ds-base Version : 1.3.3.5-4+deb8u4 CVE ID : CVE-2018-14648
It was discovered that 389-ds-base (the 389 Directory Server) is vulnerable to search queries with malformed values in the do_search() function (servers/slapd/search.c). Attackers could leverage this vulnerability by sending crafted queries in a loop to cause DoS. For Debian 8 "Jessie", this problem has been fixed in version 1.3.3.5-4+deb8u4. We recommend that you upgrade your 389-ds-base packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlvRn6AACgkQZYVUZx9w 0DSaqgf/UovxxepF+64NBh7m9LtixOa11T61ocMr1ebPQExv76NujJQlqYQ9O36v Bidt5+3RHlznAn/askLm58wwEMb+yVdiFco5axQF84rjtbBLSiVfJ3+3ZCM2unDB oO45quFbE/f+dCswZZrtsMaTT6Ssf1GlRgmc2Fpt2pJQZygo37vsXQmgW3Uvk3lU 9hr2Jdsl0SdFbSpMET38xrsxYB6oF+5sRV/bsjCbQ1I7G+S8JGrr3576ESIzXsUa CQ2vc62/YUlXnVWv5NUNzmCDUIbeZ+rXgh1ZR6axn303tQU0Y0Wm0Vd8Oc7sVswu d6yPSsfmxrA4kUSjmktCzJF6uT6GvA== =CTcG -----END PGP SIGNATURE-----