Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- Update to version 2.0.20
- CVE-2024-3657: DOS via via specially crafted kerberos AS-REQ request. (bsc#1225512)
- CVE-2024-5953: Malformed userPassword hashes may cause a denial of service. (bsc#1226277)
- CVE-2024-2199: Malformed userPassword may cause crash at do_modify in slapd/modify.c. (bsc#1225507)
- CVE-2024-1062: Fixed a heap overflow leading to denail-of-servce while writing a value larger than 256 chars in log_entry_attr. (bsc#1219836)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise Server 15 SP4-LTSS
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Manager Proxy 4.3
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Manager Server 4.3
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
lib389-2.0.20~git9.5e2d637c-150400.3.42.3
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
Ссылки
- Link for SUSE-SU-2024:3218-1
- E-Mail link for SUSE-SU-2024:3218-1
- SUSE Security Ratings
- SUSE Bug 1219836
- SUSE Bug 1225507
- SUSE Bug 1225512
- SUSE Bug 1226277
- SUSE CVE CVE-2024-1062 page
- SUSE CVE CVE-2024-2199 page
- SUSE CVE CVE-2024-3657 page
- SUSE CVE CVE-2024-5953 page
Описание
A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
Ссылки
- CVE-2024-1062
- SUSE Bug 1219836
Описание
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
Ссылки
- CVE-2024-2199
- SUSE Bug 1225507
Описание
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
Ссылки
- CVE-2024-3657
- SUSE Bug 1225512
Описание
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:lib389-2.0.20~git9.5e2d637c-150400.3.42.3
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3
Ссылки
- CVE-2024-5953
- SUSE Bug 1226277