Описание
ELSA-2021-1086: 389-ds:1.4 security and bug fix update (MODERATE)
[1.4.3.8-7]
- Bump version to 1.4.3.8-7
- Resolves: Bug 1908705 - CVE-2020-35518 389-ds:1.4/389-ds-base: information disclosure during the binding of a DN
- Resolves: Bug 1936461 - A failed re-indexing leaves the database in broken state.
- Resolves: Bug 1912481 - Server-Cert.crt created using dscreate has Subject:CN =localhost instead of hostname.
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module 389-ds:1.4 is enabled
389-ds-base
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-devel
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-legacy-tools
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-libs
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-snmp
1.4.3.8-7.module+el8.3.0+20006+53cafd96
python3-lib389
1.4.3.8-7.module+el8.3.0+20006+53cafd96
Oracle Linux x86_64
Module 389-ds:1.4 is enabled
389-ds-base
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-devel
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-legacy-tools
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-libs
1.4.3.8-7.module+el8.3.0+20006+53cafd96
389-ds-base-snmp
1.4.3.8-7.module+el8.3.0+20006+53cafd96
python3-lib389
1.4.3.8-7.module+el8.3.0+20006+53cafd96
Связанные CVE
Связанные уязвимости
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
When binding against a DN during authentication, the reply from 389-ds ...
