Description
Moderate: 389-ds:1.4 security and bug fix update
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
- 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() (CVE-2021-3514)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- ACIs are being evaluated against the Replication Manager account in a replication context. (BZ#1968588)
- A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule (BZ#1970791)
- Large updates can reset the CLcache to the beginning of the changelog (BZ#1972721)
- Changelog cache can upload updates from a wrong starting point (CSN) (BZ#1972738)
Affected products
Rocky Linux 8
Related CVEs
Fixes
- Red Hat - 1952907
- Red Hat - 1960720
- Red Hat - 1968588
- Red Hat - 1970791
- Red Hat - 1972721
- Red Hat - 1972738
Related vulnerabilities
When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash.