Bug 1623247 - CVE-2018-14624 389-ds-base: Server crash through modify command with large DN [rhel-7.5.z]
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.7-Alt
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Deadline: 2019-08-31
Assignee: mreynolds
QA Contact: Viktor Ashirov
Keywords: Security, SecurityTracking, ZStream
Depends On: 1614820
Blocks: CVE-2018-14624
Reported: 2018-08-28 20:14 UTC by Jaroslav Reznik
Modified: 2018-09-25 19:06 UTC
Clone Of: 1614820
Last Closed: 2018-09-25 19:06:11 UTC

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2757 None None None 2018-09-25 19:06 UTC

Description Jaroslav Reznik 2018-08-28 20:14:24 UTC
This bug has been copied from bug #1614820 and has been proposed to be backported to 7.5 z-stream (EUS).

Comment 3 Doran Moppert 2018-08-30 03:28:40 UTC
*** Bug 1623721 has been marked as a duplicate of this bug. ***

Comment 4 Viktor Ashirov 2018-08-30 12:54:59 UTC
Build tested: 389-ds-base-1.3.7.5-27.el7_5.x86_64

Reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=1614820#c7 no longer crashes the server; error messages are formatted correctly:

[30/Aug/2018:08:43:15.953873158 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.087007955 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.113006138 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.145550284 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!

Marking as VERIFIED.

Comment 5 Doran Moppert 2018-08-31 00:38:12 UTC
A change was made (new impact, public date, or CSAw status) to the security issue(s) blocked by this tracker, resulting in a new SLA deadline. This bug must now be resolved by 31-Aug-2019.

Refer to this bug's Description for information about how to resolve this bug.

Comment 7 errata-xmlrpc 2018-09-25 19:06:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757
