389-ds-base-1.3.10.2-12.el7

エラータID: AXSA:2021-1847:03

Release date: 
Wednesday, June 9, 2021 - 05:29
Subject: 
389-ds-base-1.3.10.2-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Add new access log keywords for time spent in work queue and actual operation time

CVE-2020-35518
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.

Solution: 

Update packages.

CVEs: 
CVE-2020-35518
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.3.10.2-12.el7.src.rpm
    MD5: 9e19f03c6e7e1209d05fc1473b49bda7
    SHA-256: 1b50ab658ac40232cc7816bb3accb275a3cd5e9931bf102f63ec29a8683f1093
    Size: 3.71 MB

Asianux Server 7 for x86_64
  1. 389-ds-base-1.3.10.2-12.el7.x86_64.rpm
    MD5: 9fd1710e8538fd6c6c0bdc3a6cf8d2ca
    SHA-256: f3dfa048feb4d0d3384e41ce365fcef4db3a22e3a0c24fe1ae4735f8b827214c
    Size: 1.74 MB
  2. 389-ds-base-libs-1.3.10.2-12.el7.x86_64.rpm
    MD5: e124464e1724f903247097252bf1202c
    SHA-256: 6c80cdb67b81b54815679686d5ad02864480552e113b558c910263b89a6d4257
    Size: 713.56 kB