1122 matches found
Updated 389-ds-base packages fix security vulnerability
Fixed crypt handling of locked accounts. CVE-2021-3652...
openSUSE 15 Security Update : 389-ds (openSUSE-SU-2021:1211-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1211-1 advisory. - 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed CVE-2021-3652 Note that Nessus has not tested for this issue but...
openSUSE: Security Advisory for 389-ds (openSUSE-SU-2021:1211-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for 389-ds (moderate)
openSUSE Security Update: Security update for 389-ds Announcement ID: openSUSE-SU-2021:1211-1 Rating: moderate References: 1188455 Cross-References: CVE-2021-3652 CVSS scores: CVE-2021-3652 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.2 An update that...
SUSE-SU-2021:2857-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Update to version 1.4.3.24 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...
SUSE-SU-2021:2801-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...
OPENSUSE-SU-2021:2801-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Update to 1.4.4.16 - CVE-2021-3652: Fixed crypt handling of locked accounts. bsc1188455...
Security update for 389-ds (moderate)
openSUSE Security Update: Security update for 389-ds Announcement ID: openSUSE-SU-2021:2801-1 Rating: moderate References: 1188151 1188455 Cross-References: CVE-2021-3652 CVSS scores: CVE-2021-3652 SUSE: 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 An...
389-ds:1.4 security and bug fix update
1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin 1.4.3.16-18 - Bump version to 1.4.3.16-18 - Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed...
Debian DLA-2735-1 : ceph - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2735 advisory. - It was found in Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk...
Oracle Linux 8 : 389-ds:1.4 (ELSA-2021-3079)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3079 advisory. 1.4.3.16-19 - Bump version to 1.4.3.16-19 - Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin...
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was...
Low: Red Hat Security Advisory: 389-ds:1.4 security and bug fix update
An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabilit...
Low: 389-ds:1.4 security and bug fix update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fixes: 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succee...
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...
SYS.2.3.A19
Hard disks or the files stored on them SHOULD be encrypted. The associated keys SHOULD NOT be stored on the IT system. AEAD (Authenticated Encryption with Associated Data) schemes SHOULD be used for hard-disk and file encryption...
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
Buffer overflow
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
UBUNTU-CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...