Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- 389-ds was updated to version 1.4.3.19
- CVE-2020-35518: Fixed an information disclosure during the binding of a DN (bsc#1181159).
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP2
389-ds-1.4.3.19~git0.bef0b5bed-3.12.1
389-ds-devel-1.4.3.19~git0.bef0b5bed-3.12.1
lib389-1.4.3.19~git0.bef0b5bed-3.12.1
libsvrcore0-1.4.3.19~git0.bef0b5bed-3.12.1
Ссылки
- Link for SUSE-SU-2021:0724-1
- E-Mail link for SUSE-SU-2021:0724-1
- SUSE Security Ratings
- SUSE Bug 1181159
- SUSE CVE CVE-2020-35518 page
Описание
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-1.4.3.19~git0.bef0b5bed-3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-devel-1.4.3.19~git0.bef0b5bed-3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:lib389-1.4.3.19~git0.bef0b5bed-3.12.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:libsvrcore0-1.4.3.19~git0.bef0b5bed-3.12.1
Ссылки
- CVE-2020-35518
- SUSE Bug 1181159