ELSA-2019-3981

Опубликовано: 27 нояб. 2019

Источник: oracle-oval

Платформа: Oracle Linux 7

Описание

ELSA-2019-3981: 389-ds-base security and bug fix update (IMPORTANT)

[1.3.9.1-12]

Bump version to 1.3.9.1-12
Resolves: Bug 1767622 - CleanAllRUV task limit not enforced

[1.3.9.1-11]

Bump version to 1.3.9.1-11
Resolves: Bug 1748198 - EMBARGOED CVE-2019-14824 389-ds-base: Read permission check bypass via the deref plugin
Resolves: Bug 1754831 - After audit log file is rotated, DS version string is logged after each update
Resolves: Bug 1763622 - Extremely slow LDIF import with ldif2db
Resolves: Bug 1763627 - ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold hold c_mutex
Resolves: Bug 1749289 - DB Deadlock on modrdn appears to corrupt database and entry cache

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

389-ds-base

1.3.9.1-12.el7_7

389-ds-base-devel

1.3.9.1-12.el7_7

389-ds-base-libs

1.3.9.1-12.el7_7

389-ds-base-snmp

1.3.9.1-12.el7_7

Oracle Linux x86_64

389-ds-base

1.3.9.1-12.el7_7

389-ds-base-devel

1.3.9.1-12.el7_7

389-ds-base-libs

1.3.9.1-12.el7_7

389-ds-base-snmp

1.3.9.1-12.el7_7

Связанные CVE

CVE-2019-14824

Ссылки на источники

Связанные уязвимости

CVE-2019-14824

CVSS3: 6.5

ubuntu

больше 6 лет назад

A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.