389-ds-base-1.3.10.2-13.el7

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A plugin can create an index. Even if the index can be used immediately (for

searches) the index remains offline until further reindex

* In some rare case, a replication connection may be treated as a regular connection and ACIs evaluated even if they should not.
* A regular connection can be erroneously flagged replication connection

CVE-2021-3652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.