{"id":"MGASA-2017-0028","summary":"Updated 389-ds-base packages fix security vulnerability","details":"The \"attribute uniqueness\" plugin did not properly NULL-terminate an\narray when building up its configuration if a so called 'old-style'\nconfiguration was being used. An attacker, authenticated, but possibly\nalso unauthenticated, could possibly force the plugin to read beyond\nallocated memory and trigger a segfault. The crash could also possibly\nbe triggered accidentally (CVE-2017-2591).\n","modified":"2026-04-16T06:25:34.617541549Z","published":"2017-01-27T20:30:52Z","upstream":["CVE-2017-2591"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0028.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20138"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2017/01/18/5"},{"type":"WEB","url":"https://fedorahosted.org/389/ticket/48986"}],"affected":[{"package":{"name":"389-ds-base","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.4.14-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0028.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}