389 security update

2014-08-0718:28:00

CentOS Project

lists.centos.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.3%

JSON

CentOS Errata and Security Advisory CESA-2014:1031

The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was found that when replication was enabled for each attribute in 389
Directory Server, which is the default configuration, the server returned
replicated metadata when the directory was searched while debugging was
enabled. A remote attacker could use this flaw to disclose potentially
sensitive information. (CVE-2014-3562)

This issue was discovered by Ludwig Krispenz of Red Hat.

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-August/082639.html
https://lists.centos.org/pipermail/centos-announce/2014-August/082641.html

Affected packages:
389-ds-base
389-ds-base-devel
389-ds-base-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1031

OSVersionArchitecturePackageVersionFilename
CentOS6i686389-ds-base< 1.2.11.15-34.el6_5389-ds-base-1.2.11.15-34.el6_5.i686.rpm
CentOS6i686389-ds-base-devel< 1.2.11.15-34.el6_5389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
CentOS6i686389-ds-base-libs< 1.2.11.15-34.el6_5389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm
CentOS6x86_64389-ds-base< 1.2.11.15-34.el6_5389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm
CentOS6i686389-ds-base-devel< 1.2.11.15-34.el6_5389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
CentOS6x86_64389-ds-base-devel< 1.2.11.15-34.el6_5389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm
CentOS6i686389-ds-base-libs< 1.2.11.15-34.el6_5389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm
CentOS6x86_64389-ds-base-libs< 1.2.11.15-34.el6_5389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm
CentOS7x86_64389-ds-base< 1.3.1.6-26.el7_0389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm
CentOS7x86_64389-ds-base-devel< 1.3.1.6-26.el7_0389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	6	i686	389-ds-base	< 1.2.11.15-34.el6_5	389-ds-base-1.2.11.15-34.el6_5.i686.rpm
CentOS	6	i686	389-ds-base-devel	< 1.2.11.15-34.el6_5	389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
CentOS	6	i686	389-ds-base-libs	< 1.2.11.15-34.el6_5	389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm
CentOS	6	x86_64	389-ds-base	< 1.2.11.15-34.el6_5	389-ds-base-1.2.11.15-34.el6_5.x86_64.rpm
CentOS	6	i686	389-ds-base-devel	< 1.2.11.15-34.el6_5	389-ds-base-devel-1.2.11.15-34.el6_5.i686.rpm
CentOS	6	x86_64	389-ds-base-devel	< 1.2.11.15-34.el6_5	389-ds-base-devel-1.2.11.15-34.el6_5.x86_64.rpm
CentOS	6	i686	389-ds-base-libs	< 1.2.11.15-34.el6_5	389-ds-base-libs-1.2.11.15-34.el6_5.i686.rpm
CentOS	6	x86_64	389-ds-base-libs	< 1.2.11.15-34.el6_5	389-ds-base-libs-1.2.11.15-34.el6_5.x86_64.rpm
CentOS	7	x86_64	389-ds-base	< 1.3.1.6-26.el7_0	389-ds-base-1.3.1.6-26.el7_0.x86_64.rpm
CentOS	7	x86_64	389-ds-base-devel	< 1.3.1.6-26.el7_0	389-ds-base-devel-1.3.1.6-26.el7_0.x86_64.rpm