389-ds-base-1.3.10.2-15.el7

エラータID: AXSA:2022-3083:01

Release date: 
Thursday, February 24, 2022 - 03:09
Subject: 
389-ds-base-1.3.10.2-15.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* CSN generator can adjust wrongly the local and remote offsets used to generate a CSN

CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.3.10.2-15.el7.src.rpm
    MD5: 94527e0a68935a132ed00360d5ce7c7a
    SHA-256: 3cf2d6092a56e5934ccda01503e2292842a2a5353ab7c62eb0ced4e9369fb871
    Size: 3.73 MB

Asianux Server 7 for x86_64
  1. 389-ds-base-1.3.10.2-15.el7.x86_64.rpm
    MD5: aa91bf3ac8002c490ca96d94970cac63
    SHA-256: 7c6608534638d33ab1e47152dbff4718429e802519e89ad2faabb66adaa90bf2
    Size: 1.74 MB
  2. 389-ds-base-libs-1.3.10.2-15.el7.x86_64.rpm
    MD5: 6487576c9cca3670c2e429bcf3cbda1e
    SHA-256: 72ac5f0dba3da08ba5f4f155bc8dcf89cdbd3f091a0cd73ca0861487e2e2d3b2
    Size: 714.97 kB