Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- Update to version 1.4.3.24
- CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455)
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP2
389-ds-1.4.3.24~git13.7b705e743-3.19.1
389-ds-devel-1.4.3.24~git13.7b705e743-3.19.1
lib389-1.4.3.24~git13.7b705e743-3.19.1
libsvrcore0-1.4.3.24~git13.7b705e743-3.19.1
Ссылки
- Link for SUSE-SU-2021:2857-1
- E-Mail link for SUSE-SU-2021:2857-1
- SUSE Security Ratings
- SUSE Bug 1188455
- SUSE CVE CVE-2021-3652 page
Описание
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-1.4.3.24~git13.7b705e743-3.19.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:389-ds-devel-1.4.3.24~git13.7b705e743-3.19.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:lib389-1.4.3.24~git13.7b705e743-3.19.1
SUSE Linux Enterprise Module for Server Applications 15 SP2:libsvrcore0-1.4.3.24~git13.7b705e743-3.19.1
Ссылки
- CVE-2021-3652
- SUSE Bug 1188455