AXSA:2021-2469:04

Release date: Wednesday, October 13, 2021 - 04:18
Subject: 389-ds-base-1.3.10.2-13.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: Low
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
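
An added example (not part of the original advisory or of the 389-ds-base project): a Python check that scans an LDIF export for userPassword values stored under the CRYPT scheme whose hash contains an asterisk, the condition named in CVE-2021-3652. The attribute name, the {CRYPT} prefix and the function names are assumptions, and the sample LDIF is constructed.

```python
import base64
import re

# Constructed sample LDIF (not real data); bob's value is base64 for "{CRYPT}*".
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {CRYPT}*

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: e0NSWVBUfSo=

dn: uid=carol,ou=People,dc=example,dc=com
userPassword: {CRYPT}$6$constructedsalt$construc
 tedhash

dn: uid=dave,ou=People,dc=example,dc=com
userPassword: {SSHA512}constructed*value
"""

# Assumption: the storage scheme appears as a {CRYPT} prefix (any letter case).
CRYPT_RE = re.compile(r"^\{crypt\}(.*)$", re.IGNORECASE | re.DOTALL)

def unfold(ldif_text):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif_text).splitlines()

def attr_value(line):
    """Decode the value of an 'attr: value' or 'attr:: base64' LDIF line."""
    _, _, rest = line.partition(":")
    if rest.startswith(":"):  # '::' marks a base64-encoded value
        return base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
    return rest.strip()

def find_asterisk_crypt(ldif_text):
    """Return DNs whose userPassword is a CRYPT hash containing '*'."""
    flagged, dn = [], None
    for line in unfold(ldif_text):
        if line.lower().startswith("dn:"):
            dn = attr_value(line)
        elif line.lower().startswith("userpassword:"):
            match = CRYPT_RE.match(attr_value(line))
            # Conservative: valid crypt(3) output never contains '*'.
            if match and "*" in match.group(1) and dn not in flagged:
                flagged.append(dn)
    return flagged

if __name__ == "__main__":
    for entry in find_asterisk_crypt(SAMPLE_LDIF):
        print("CRYPT hash contains '*':", entry)
```

Entries reported by the check should have their password reset or the value removed in addition to applying the package update.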

Bug Fix(es):

* A plugin can create an index. Even if the index can be used immediately (for searches), the index remains offline until a further reindex.
* In some rare cases, a replication connection may be treated as a regular connection and ACIs evaluated even if they should not be.
* A regular connection can be erroneously flagged as a replication connection.

CVE-2021-3652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.3.10.2-13.el7.src.rpm
    MD5: 1efac602a4831b9fb0e23d24ba563a10
    SHA-256: d2641ab0b45f57df702813ddf2a7473a51783bc4bd7487c7d324afa476208c4b
    Size: 3.71 MB

Asianux Server 7 for x86_64
  1. 389-ds-base-1.3.10.2-13.el7.x86_64.rpm
    MD5: b256e9e8888bb90dc8fd7cd2b28a0829
    SHA-256: f59bbf4889e7ebea83cd7c73efcc6bbffe2e677271b6689962e80773d8cb727c
    Size: 1.74 MB
  2. 389-ds-base-libs-1.3.10.2-13.el7.x86_64.rpm
    MD5: 1723fa735dab3f3e230c389138b56f8e
    SHA-256: f0fd6e286f2e69b5c2f7641e7390b206e57247c544450223d83f93a42508f99d
    Size: 714.29 kB