389 security update

2022-10-2614:16:15

CentOS Project

lists.centos.org

0.001 Low

EPSS

Percentile

35.7%

JSON

CentOS Errata and Security Advisory CESA-2022:7087

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Import may break replication because changelog starting csn may not be created (BZ#2113056)

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2022-October/086326.html

Affected packages:
389-ds-base
389-ds-base-devel
389-ds-base-libs
389-ds-base-snmp

Upstream details at:
https://access.redhat.com/errata/RHSA-2022:7087

OSVersionArchitecturePackageVersionFilename
CentOS7x86_64389-ds-base< 1.3.10.2-17.el7_9389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm
CentOS7x86_64389-ds-base-devel< 1.3.10.2-17.el7_9389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm
CentOS7x86_64389-ds-base-libs< 1.3.10.2-17.el7_9389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm
CentOS7x86_64389-ds-base-snmp< 1.3.10.2-17.el7_9389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	x86_64	389-ds-base	< 1.3.10.2-17.el7_9	389-ds-base-1.3.10.2-17.el7_9.x86_64.rpm
CentOS	7	x86_64	389-ds-base-devel	< 1.3.10.2-17.el7_9	389-ds-base-devel-1.3.10.2-17.el7_9.x86_64.rpm
CentOS	7	x86_64	389-ds-base-libs	< 1.3.10.2-17.el7_9	389-ds-base-libs-1.3.10.2-17.el7_9.x86_64.rpm
CentOS	7	x86_64	389-ds-base-snmp	< 1.3.10.2-17.el7_9	389-ds-base-snmp-1.3.10.2-17.el7_9.x86_64.rpm