389-ds-base-1.3.5.10-11.el7
Errata ID: AXSA:2016-1115:06
Release date:
2016/11/29 Tuesday - 09:01
Title:
389-ds-base-1.3.5.10-11.el7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
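- 389 Directory Server contains a vulnerability that allows remote attackers to infer the existence of RDN component objects. (CVE-2016-4992)
- 389 Directory Server contains a vulnerability that allows remote attackers to obtain user passwords. (CVE-2016-5405)
- 389 Directory Server contains a vulnerability that allows remote attackers to read the default Access Control Instructions. (CVE-2016-5416)
Some of the CVE translations are quoted from JVN.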
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2016-4992
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.
CVE-2016-5405
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords.
CVE-2016-5416
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions.
Additional information:
N/A
Downloads:
SRPMS
- 389-ds-base-1.3.5.10-11.el7.src.rpm
MD5: b5435f9fccfb09c7e996cf9b72690705
SHA-256: 4dd129a8f6cbbbe4b9a362a69cb90d8847044e7a5d1a48d83605d315fa22c975
Size: 4.00 MB
Asianux Server 7 for x86_64
- 389-ds-base-1.3.5.10-11.el7.x86_64.rpm
MD5: 56df74b5f3e79053a9e7e9df8f39c6d6
SHA-256: 645913dea93749591aedcb04089688a7449b572f545333f89c17b3a987234f73
Size: 1.69 MB
- 389-ds-base-libs-1.3.5.10-11.el7.x86_64.rpm
MD5: 80c591fedb6227f4bb752ee27b5c2198
SHA-256: 00b6ea9c277a8aa8ede153a0bbdaae089fd3f0fbfee9e4dcb8795b74c6e3b703
Size: 663.09 kB