389-ds-base-1.3.11.1-5.el7

エラータID: AXSA:2024-8119:05

Release date: 
Wednesday, June 5, 2024 - 05:10
Subject: 
389-ds-base-1.3.11.1-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)
* 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-2199

CVE-2024-3657

Solution: 

Update packages.

CVEs: 
CVE-2024-2199
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
CVE-2024-3657
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Additional Info: 

N/A

Download: 

SRPMS
  1. 389-ds-base-1.3.11.1-5.el7.src.rpm
    MD5: d9ec8543fc9fa56de8c5d0b68a7604da
    SHA-256: 5e78df5cb4f37b811b1858d3a3f2d8c1a55b7e4b24af8de0263b59006db75dd7
    Size: 37.28 MB

Asianux Server 7 for x86_64
  1. 389-ds-base-1.3.11.1-5.el7.x86_64.rpm
    MD5: c3f57543912da187b145aadc63046fcf
    SHA-256: 521c494dcd446f9f3d600de18238af43bb1d05aad848b7924a3fe50374a1fa39
    Size: 2.39 MB
  2. 389-ds-base-libs-1.3.11.1-5.el7.x86_64.rpm
    MD5: 1c8e67e1db59fdebcb2a152e6b71aa9f
    SHA-256: 90406fa2b6fcb3078be29f5def6d099fd4f8afc5eb0543c3366c16206284a85f
    Size: 717.63 kB