389-ds:1.4 security update

エラータID: AXSA:2022-3797:01

Release date: 
Tuesday, September 6, 2022 - 04:21
Subject: 
389-ds:1.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)
* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-0918
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

Modularity name: 389-ds
Stream name: 1.4

Solution: 

Update packages.

CVEs: 
CVE-2022-0918
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.4.3.28-7.module+el8+1517+1312fef3.src.rpm
    MD5: fac315510e5b4490a3cb98ca653b6dea
    SHA-256: f8f1bab6c609b9fca55a5a4985a532623a66d0a20e48109c331290158fd481e4
    Size: 23.11 MB

Asianux Server 8 for x86_64
  1. 389-ds-base-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: 9d1056940627d30d97343a360024eaba
    SHA-256: 9793fb6c694058b475f9bf6e702f1b1034f741fb850e104202cd251c7cfe2089
    Size: 2.48 MB
  2. 389-ds-base-debugsource-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: 4857fca7cf92439d08263df7894c5efb
    SHA-256: baa9ee602f5845605bad77a1f65b5aa4f5b6644c44a2630fe85e53303b490e39
    Size: 2.54 MB
  3. 389-ds-base-devel-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: c865b0a4a4a3ef87fb6aea6b30a8367e
    SHA-256: 21872c942f28ba86033eec77d541a16c1d9329c2a94f4de25047d6f0126d113b
    Size: 124.68 kB
  4. 389-ds-base-legacy-tools-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: 3b7753fa7a30ea7ca3c8643672677ee7
    SHA-256: 0f8151856e0bb577259ddcddfa73b2e8cf57c5d2ee4917ff991e9cd661cbf691
    Size: 276.86 kB
  5. 389-ds-base-libs-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: 2246ee646115ddb2a3704372f6de5ea8
    SHA-256: 19c5988610d5b7ad3c19d3d5f32aaf6dc5871f2164a8dd9ac6d054b63582a73c
    Size: 1.38 MB
  6. 389-ds-base-snmp-1.4.3.28-7.module+el8+1517+1312fef3.x86_64.rpm
    MD5: fa0e2a22457dcc220ba082eafd453755
    SHA-256: a771c54d7afbc5918c77ea04a777e5b11a60698c61b74a340fbe5600d1e28790
    Size: 37.86 kB
  7. python3-lib389-1.4.3.28-7.module+el8+1517+1312fef3.noarch.rpm
    MD5: 9fece0ec705b9b9d8dbb42eb9845372c
    SHA-256: 19559e46a4cc56b9e8354827ef4d011ec7134f88c8f6c5505ac3d4c0c37afe5f
    Size: 890.73 kB