389-ds:1.4 security update

エラータID: AXSA:2022-3115:01

Release date: 
Thursday, March 17, 2022 - 01:33
Subject: 
389-ds:1.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: double free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Paged search lookthroughlimit counter doesnt take read ahead into account
* Based on 1944494 (RFC 4530 entryUUID attribute) - plugin entryuuid failing

CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.

Modularity name: 389-ds
Stream name: 1.4

Solution: 

Update packages.

CVEs: 
CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.4.3.23-14.module+el8+1400+80166789.src.rpm
    MD5: bfc6e7c45ddc824ae3d41397fbbcc752
    SHA-256: 80e84d986da7fba5f6b301024c32a21a6c6c4e87324aca2eabdc1dd91123bc9d
    Size: 18.51 MB

Asianux Server 8 for x86_64
  1. 389-ds-base-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: 6725ac54ed0e581400a6694591919715
    SHA-256: 81d26b9e9f776ac641081f3e8c20460693e2d4284e8e31a6ea14f10760f928a1
    Size: 2.49 MB
  2. 389-ds-base-debugsource-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: f72a914e28a27375838734bf88c2c8c3
    SHA-256: 33019b785ce2399106a22f07e0096b9dca5f10603edb2e16866a28112bded432
    Size: 2.54 MB
  3. 389-ds-base-devel-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: 083a5449a67d639c4b8c0b0253fc23fa
    SHA-256: 1ccb491f914b0b91440b7f9fea5ba9b8fdc9d344c417d3a1cf6c799db70294fa
    Size: 126.91 kB
  4. 389-ds-base-legacy-tools-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: 700c57309ed5649633d00196201121db
    SHA-256: 7553cab972a587d71ff61b53c39fe4f4b62baae4fa81023405c6425288641e1b
    Size: 279.14 kB
  5. 389-ds-base-libs-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: 278099bbe97b6c726f548da6e2e5a2d3
    SHA-256: f2b3fb38791822ff7cc5c678f011687a4bbfc37623e6eafbc050366df1fdd34e
    Size: 1.38 MB
  6. 389-ds-base-snmp-1.4.3.23-14.module+el8+1400+80166789.x86_64.rpm
    MD5: 7fdd7fd11dee81d3c459285d903c7add
    SHA-256: 331e601800620c8abc1c0ef4b0921bf5813325b89490b9a3ed1f9040bd725778
    Size: 40.18 kB
  7. python3-lib389-1.4.3.23-14.module+el8+1400+80166789.noarch.rpm
    MD5: 673e9cdb9ec774111778d65ac193c316
    SHA-256: 94fdc3a9ac5558555fa4c2dc79146caae69a370cc6192cfc93ca0fd42236f9e0
    Size: 888.75 kB