Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
Security fixes:
- CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242666)
Other fixes:
- Enable memory accounting as SUSE disables it by default (bsc#1241016).
- Fix dsidm service get_dn option failing (bsc#1241988)
- Version update 2.2.10~git99.aa5d0ecbf Various fixes and solved issues from github repository
Список пакетов
Container suse/389-ds:latest
389-ds-2.2.10~git99.aa5d0ecbf-150600.8.20.1
lib389-2.2.10~git99.aa5d0ecbf-150600.8.20.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150600.8.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
389-ds-2.2.10~git99.aa5d0ecbf-150600.8.20.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150600.8.20.1
lib389-2.2.10~git99.aa5d0ecbf-150600.8.20.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150600.8.20.1
openSUSE Leap 15.6
389-ds-2.2.10~git99.aa5d0ecbf-150600.8.20.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150600.8.20.1
389-ds-snmp-2.2.10~git99.aa5d0ecbf-150600.8.20.1
lib389-2.2.10~git99.aa5d0ecbf-150600.8.20.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150600.8.20.1
Ссылки
- Link for SUSE-SU-2025:01806-1
- E-Mail link for SUSE-SU-2025:01806-1
- SUSE Security Ratings
- SUSE Bug 1241016
- SUSE Bug 1241988
- SUSE Bug 1242666
- SUSE CVE CVE-2025-3416 page
Описание
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Затронутые продукты
Container suse/389-ds:latest:389-ds-2.2.10~git99.aa5d0ecbf-150600.8.20.1
Container suse/389-ds:latest:lib389-2.2.10~git99.aa5d0ecbf-150600.8.20.1
Container suse/389-ds:latest:libsvrcore0-2.2.10~git99.aa5d0ecbf-150600.8.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP6:389-ds-2.2.10~git99.aa5d0ecbf-150600.8.20.1
Ссылки
- CVE-2025-3416
- SUSE Bug 1242599