Please Install the Updated Packages.

The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. It was discovered that the 389 Directory Server did not properly handle certain Get Effective Rights (GER) search queries when the attribute list, which is a part of the query, included several names using the '@' character. An attacker able to submit search queries to the 389 Directory Server could cause it to crash. (CVE-2013-4485) All 389-ds-base users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the 389 server service will be restarted automatically.

389-ds-base on Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)

• https://www.redhat.com/archives/rhsa-announce/2013-November/msg00036.html

---

Updated on 2015-03-25