Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2021-3079

Опубликовано: 12 авг. 2021
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2021-3079: 389-ds:1.4 security and bug fix update (LOW)

[1.4.3.16-19]

  • Bump version to 1.4.3.16-19
  • Resolve: Bug 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin

[1.4.3.16-18]

  • Bump version to 1.4.3.16-18
  • Resolve: Bug 1983121 - CRYPT password hash with asterisk allows any bind attempt to succeed

[1.4.3.16-17]

  • Bump version to 1.4.3.16-17
  • Resolve: Bug 1983095 - Internal unindexed searches in syncrepl
  • Resolve: Bug 1980063 - IPA installation fails on s390x with 389-ds-base-1.4.3.8-4.module+el8.3.0+7193+dfd1e8ad.s390x

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module 389-ds:1.4 is enabled

389-ds-base

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-devel

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-legacy-tools

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-libs

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-snmp

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

python3-lib389

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

Oracle Linux x86_64

Module 389-ds:1.4 is enabled

389-ds-base

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-devel

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-legacy-tools

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-libs

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

389-ds-base-snmp

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

python3-lib389

1.4.3.16-19.module+el8.4.0+20279+846fb4fe

Связанные CVE

CVE-2021-3652

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2021-3652

CVSS3: 6.5
ubuntu
больше 3 лет назад

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

redhat логотип

CVE-2021-3652

CVSS3: 6.5
redhat
больше 4 лет назад

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

nvd логотип

CVE-2021-3652

CVSS3: 6.5
nvd
больше 3 лет назад

A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.

debian логотип

CVE-2021-3652

CVSS3: 6.5
debian
больше 3 лет назад

A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...

suse-cvrf логотип

openSUSE-SU-2021:2801-1

suse-cvrf
больше 4 лет назад

Security update for 389-ds