Bug 1623247 - CVE-2018-14624 389-ds-base: Server crash through modify command with large DN [rhel-7.5.z]
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base
Version: 7.7-Alt
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: mreynolds
QA Contact: Viktor Ashirov
Keywords: Security, SecurityTracking, ZStream
Depends On: 1614820
Blocks: CVE-2018-14624
 
Reported: 2018-08-28 16:14 EDT by Jaroslav Reznik
Modified: 2018-09-25 15:06 EDT
Fixed In Version: 389-ds-base-1.3.7.5-27.el7_5
Clone Of: 1614820
Last Closed: 2018-09-25 15:06:11 EDT

External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2018:2757 | None | None | None | 2018-09-25 15:06 EDT

Description Jaroslav Reznik 2018-08-28 16:14:24 EDT
This bug has been copied from bug #1614820 and has been proposed to be backported to 7.5 z-stream (EUS).
Comment 3 Doran Moppert 2018-08-29 23:28:40 EDT
*** Bug 1623721 has been marked as a duplicate of this bug. ***
Comment 4 Viktor Ashirov 2018-08-30 08:54:59 EDT
Build tested: 389-ds-base-1.3.7.5-27.el7_5.x86_64

Reproducer from https://bugzilla.redhat.com/show_bug.cgi?id=1614820#c7 no longer crashes the server, error messages are formatted correctly:

[30/Aug/2018:08:43:15.953873158 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.087007955 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.113006138 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!
[30/Aug/2018:08:43:16.145550284 -0400]  - EMERG - Insufficent buffer capacity to fit timestamp and message!

Marking as VERIFIED.
Comment 5 Doran Moppert 2018-08-30 20:38:12 EDT
A change was made (new impact, public date, or CSAw status) to the security issue(s) blocked by this tracker, resulting in a new SLA deadline. This bug must now be resolved by 31-Aug-2019.

Refer to this bug's Description for information about how to resolve this bug.
Comment 7 errata-xmlrpc 2018-09-25 15:06:11 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2757
