389-ds-base-2.1.3-4.el9

Errata ID: AXSA:2023-4906:01

Release date: Tuesday, January 31, 2023 - 07:57
Subject: 389-ds-base-2.1.3-4.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Moderate
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (2.1.3). (BZ#2061801)

Security Fix(es):

* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)
* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)
* 389-ds-base: expired password was still allowed to access the database (CVE-2022-0996)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.1 Release Notes linked from the References section.

CVE-2022-0918
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
CVE-2022-0996
A vulnerability was found in the 389 Directory Server that allows a user whose password has expired to still access the database, resulting in improper authentication.
CVE-2022-2850
A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-2.1.3-4.el9.src.rpm
    MD5: b86accc2a4ae5b0b06346bcaed628bf9
    SHA-256: 122e33a6c3358f93d6139ac442d819a4ed9d81b85bff98dc0e4a62ede901059c
    Size: 13.90 MB

Asianux Server 9 for x86_64
  1. 389-ds-base-2.1.3-4.el9.x86_64.rpm
    MD5: 7e05a63b50559c897d8c0ccf228ce98d
    SHA-256: a6feeb3ba10d17a593d53d34c8efecf6993e63a5f37819c316d132fc073cd47f
    Size: 2.85 MB
  2. 389-ds-base-libs-2.1.3-4.el9.x86_64.rpm
    MD5: d59ac7229ceb592adfddbe254c41b038
    SHA-256: f831874ef64bbf93a268db9aec83f26793db7df87816455c993ce07e8fadab06
    Size: 1.47 MB
  3. python3-lib389-2.1.3-4.el9.noarch.rpm
    MD5: 2e2e3b140d71822cc4a737d2e1949614
    SHA-256: d3074a1ccc0194c1eebccee907928c8cb0ff02aeb1ca4a6fe610d579e5dee83f
    Size: 856.27 kB