Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- Update to version 1.4.4.20~git3.e7ac6d87:
- CVE-2024-3657: DOS via via specially crafted kerberos AS-REQ request. (bsc#1225512)
- CVE-2024-5953: Malformed userPassword hashes may cause a denial of service. (bsc#1226277)
- CVE-2024-2199: Malformed userPassword may cause crash at do_modify in slapd/modify.c. (bsc#1225507)
Список пакетов
SUSE Enterprise Storage 7.1
389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Linux Enterprise Server 15 SP3-LTSS
389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
Ссылки
- Link for SUSE-SU-2024:3257-1
- E-Mail link for SUSE-SU-2024:3257-1
- SUSE Security Ratings
- SUSE Bug 1225507
- SUSE Bug 1225512
- SUSE Bug 1226277
- SUSE CVE CVE-2024-2199 page
- SUSE CVE CVE-2024-3657 page
- SUSE CVE CVE-2024-5953 page
Описание
A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input.
Затронутые продукты
SUSE Enterprise Storage 7.1:389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
Ссылки
- CVE-2024-2199
- SUSE Bug 1225507
Описание
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service
Затронутые продукты
SUSE Enterprise Storage 7.1:389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
Ссылки
- CVE-2024-3657
- SUSE Bug 1225512
Описание
A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password.
Затронутые продукты
SUSE Enterprise Storage 7.1:389-ds-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:389-ds-devel-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:lib389-1.4.4.20~git3.e7ac6d87-150300.3.35.1
SUSE Enterprise Storage 7.1:libsvrcore0-1.4.4.20~git3.e7ac6d87-150300.3.35.1
Ссылки
- CVE-2024-5953
- SUSE Bug 1226277