Описание
ELSA-2021-3807: 389-ds-base security and bug fix update (LOW)
[1.3.10.2-13]
- Bump version to 1.3.10.2-13
- Resolves: Bug 2005399 - Internal unindexed searches in syncrepl
- Resolves: Bug 2005432 - CVE-2021-3652 389-ds:1.4/389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
- Resolves: Bug 2005434 - ACIs are being evaluated against the Replication Manager account in a replication context.
- Resolves: Bug 2005435 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
389-ds-base
1.3.10.2-13.el7_9
389-ds-base-devel
1.3.10.2-13.el7_9
389-ds-base-libs
1.3.10.2-13.el7_9
389-ds-base-snmp
1.3.10.2-13.el7_9
Oracle Linux x86_64
389-ds-base
1.3.10.2-13.el7_9
389-ds-base-devel
1.3.10.2-13.el7_9
389-ds-base-libs
1.3.10.2-13.el7_9
389-ds-base-snmp
1.3.10.2-13.el7_9
Связанные CVE
Связанные уязвимости
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...
