~ubuntu-security/ubuntu-cve-tracker/master

Viewing changes to active/CVE-2017-2668

Committer: Steve Beattie
Date: 2018-06-22 16:34:50 UTC
Revision ID: sbeattie@ubuntu.com-20180622163450-j48blbt278zn8t2y

Process cves run: triaged 3 CVEs, 10 Ignored, 5 Packages

Packages with new cves:
exempi(1) linux(1) qemu(1) qemu-kvm(1) virtualbox(1)

files added:
active/CVE-2018-12617

active/CVE-2018-12633

active/CVE-2018-12648

files modified:
active/CVE-2017-2668

active/CVE-2017-7466

active/CVE-2018-3665

check-cves.log

ignored/not-for-us.txt

Show diffs side-by-side

added added

removed removed

active/CVE-2017-2668

Candidate: CVE-2017-2668

PublicDate: 2017-04-13

PublicDate: 2018-06-22

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2668

https://bugzilla.redhat.com/show_bug.cgi?id=1436575

https://pagure.io/389-ds-base/issue/49184

https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch

Description:

Remote crash via crafted LDAP messages

389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an

invalid pointer dereference in the way LDAP bind requests are handled. A

remote unauthenticated attacker could use this flaw to make ns-slapd crash

via a specially crafted LDAP bind request, resulting in denial of service.

Ubuntu-Description:

Notes:

Bugs:

Older »