{"id":"MGASA-2022-0134","summary":"Updated 389-ds-base packages fix security vulnerability","details":"A vulnerability was discovered in the 389 Directory Server that allows an\nunauthenticated attacker with network access to the LDAP port to cause a\ndenial of service. The denial of service is triggered by a single message\nsent over a TCP connection, no bind or other authentication is required.\nThe message triggers a segmentation fault that results in slapd crashing.\n(CVE-2022-0918)\n\nA vulnerability was found in the 389 Directory Server that allows expired\npasswords to access the database to cause improper authentication.\n(CVE-2022-0996)\n","modified":"2026-04-16T04:44:04.467271033Z","published":"2022-04-09T21:20:39Z","upstream":["CVE-2022-0918","CVE-2022-0996"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0134.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30235"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PYT2IQJFHQWZENJJRY6EJB3XIFZGNT7F/"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WUT5CGHERM6PDXKCM7Z3IJLGIYJ6V6AO/"}],"affected":[{"package":{"name":"389-ds-base","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/389-ds-base?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.4.0.26-8.4.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0134.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}