(RHSA-2024:4633) Important: 389-ds-base security update

2024-07-1815:05:56

access.redhat.com

ldapv3 server

security update

denial of service

cve-2024-1062

cve-2024-2199

cve-2024-3657

cve-2024-5953

lightweight directory access protocol

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

Percentile

13.7%

JSON

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062)
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)
389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9aarch64389-ds-base-libs-debuginfo< 2.2.4-9.el9_2389-ds-base-libs-debuginfo-2.2.4-9.el9_2.aarch64.rpm
RedHat9ppc64le389-ds-base-libs< 2.2.4-9.el9_2389-ds-base-libs-2.2.4-9.el9_2.ppc64le.rpm
RedHat9aarch64389-ds-base-debugsource< 2.2.4-9.el9_2389-ds-base-debugsource-2.2.4-9.el9_2.aarch64.rpm
RedHat9aarch64389-ds-base< 2.2.4-9.el9_2389-ds-base-2.2.4-9.el9_2.aarch64.rpm
RedHat9x86_64389-ds-base-snmp-debuginfo< 2.2.4-9.el9_2389-ds-base-snmp-debuginfo-2.2.4-9.el9_2.x86_64.rpm
RedHat9s390x389-ds-base-snmp-debuginfo< 2.2.4-9.el9_2389-ds-base-snmp-debuginfo-2.2.4-9.el9_2.s390x.rpm
RedHat9noarchpython3-lib389< 2.2.4-9.el9_2python3-lib389-2.2.4-9.el9_2.noarch.rpm
RedHat9s390x389-ds-base-libs-debuginfo< 2.2.4-9.el9_2389-ds-base-libs-debuginfo-2.2.4-9.el9_2.s390x.rpm
RedHat9ppc64le389-ds-base< 2.2.4-9.el9_2389-ds-base-2.2.4-9.el9_2.ppc64le.rpm
RedHat9aarch64389-ds-base-debuginfo< 2.2.4-9.el9_2389-ds-base-debuginfo-2.2.4-9.el9_2.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	aarch64	389-ds-base-libs-debuginfo	< 2.2.4-9.el9_2	389-ds-base-libs-debuginfo-2.2.4-9.el9_2.aarch64.rpm
RedHat	9	ppc64le	389-ds-base-libs	< 2.2.4-9.el9_2	389-ds-base-libs-2.2.4-9.el9_2.ppc64le.rpm
RedHat	9	aarch64	389-ds-base-debugsource	< 2.2.4-9.el9_2	389-ds-base-debugsource-2.2.4-9.el9_2.aarch64.rpm
RedHat	9	aarch64	389-ds-base	< 2.2.4-9.el9_2	389-ds-base-2.2.4-9.el9_2.aarch64.rpm
RedHat	9	x86_64	389-ds-base-snmp-debuginfo	< 2.2.4-9.el9_2	389-ds-base-snmp-debuginfo-2.2.4-9.el9_2.x86_64.rpm
RedHat	9	s390x	389-ds-base-snmp-debuginfo	< 2.2.4-9.el9_2	389-ds-base-snmp-debuginfo-2.2.4-9.el9_2.s390x.rpm
RedHat	9	noarch	python3-lib389	< 2.2.4-9.el9_2	python3-lib389-2.2.4-9.el9_2.noarch.rpm
RedHat	9	s390x	389-ds-base-libs-debuginfo	< 2.2.4-9.el9_2	389-ds-base-libs-debuginfo-2.2.4-9.el9_2.s390x.rpm
RedHat	9	ppc64le	389-ds-base	< 2.2.4-9.el9_2	389-ds-base-2.2.4-9.el9_2.ppc64le.rpm
RedHat	9	aarch64	389-ds-base-debuginfo	< 2.2.4-9.el9_2	389-ds-base-debuginfo-2.2.4-9.el9_2.aarch64.rpm