389-ds:1.4 security update

エラータID: AXSA:2022-3938:01

Release date: 
Wednesday, October 26, 2022 - 10:29
Subject: 
389-ds:1.4 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Modularity name: 389-ds
Stream name: 1.4

Solution: 

Update packages.

CVEs: 
CVE-2022-2850
A flaw was found In 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.4.3.28-8.module+el8+1535+6dca006f.src.rpm
    MD5: c63eeff7e1aa9d7e298cba05bbf6a603
    SHA-256: 830006500a53d161a625f2c7e0692a315b5834c505517708f56bc1f32ff9c890
    Size: 23.11 MB

Asianux Server 8 for x86_64
  1. 389-ds-base-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: 136ed1ba80908daff53513e0c6f5ca5d
    SHA-256: a343b01c0a69d64b71ec1e04c5370bc59e2fbab3b14a9370d0b3bef0e27879e3
    Size: 2.50 MB
  2. 389-ds-base-debugsource-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: adbc87120551f7965ebde81e5635b1a9
    SHA-256: a86cbf4fc1adf072df4a26916582d5e136a1cda87536d9b868bb47822f19cc82
    Size: 2.54 MB
  3. 389-ds-base-devel-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: 4215730b1f6707a9136228f84edeb6b7
    SHA-256: 9cff2ef117bf7a88149866179969742b141dac2c48b991499336e45ca4366c1d
    Size: 124.83 kB
  4. 389-ds-base-legacy-tools-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: 2d3fc472d8d9cdba8863aa34989f830f
    SHA-256: 0e5dbb8cab8f427f20846f45a3cbc5cefcb4c40f2c256419d80753a2638aeb85
    Size: 276.98 kB
  5. 389-ds-base-libs-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: 2e00e319e4902fbe821def6fd5f79804
    SHA-256: dafdd30c150aec80073ccf4112469127eeac23ce5adb464c0a8eec92c24cbacc
    Size: 1.40 MB
  6. 389-ds-base-snmp-1.4.3.28-8.module+el8+1535+6dca006f.x86_64.rpm
    MD5: 5ba2fb73406808076479660eb63233b8
    SHA-256: 6103c5d5c6f81135ad34edd7b124bf907841f13e6fb41b66da1ce6642605cebd
    Size: 37.99 kB
  7. python3-lib389-1.4.3.28-8.module+el8+1535+6dca006f.noarch.rpm
    MD5: dd55910cf5069cbfbf10b707eaa94f47
    SHA-256: 458023332b450dbdd00b59b5145ef7d80d128a8f4306560c0a4e5301f6469e45
    Size: 890.99 kB