Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
Security fixes:
- CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242666)
Other fixes:
- Enable memory accounting as SUSE disables it by default (bsc#1241016).
- Fix dsidm service get_dn option failing (bsc#1241988)
- Version update 2.2.10~git99.aa5d0ecbf Various fixes and solved issues from github repository
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
389-ds-2.2.10~git99.aa5d0ecbf-150500.3.36.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150500.3.36.1
lib389-2.2.10~git99.aa5d0ecbf-150500.3.36.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
389-ds-2.2.10~git99.aa5d0ecbf-150500.3.36.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150500.3.36.1
lib389-2.2.10~git99.aa5d0ecbf-150500.3.36.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise Server 15 SP5-LTSS
389-ds-2.2.10~git99.aa5d0ecbf-150500.3.36.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150500.3.36.1
lib389-2.2.10~git99.aa5d0ecbf-150500.3.36.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
389-ds-2.2.10~git99.aa5d0ecbf-150500.3.36.1
389-ds-devel-2.2.10~git99.aa5d0ecbf-150500.3.36.1
lib389-2.2.10~git99.aa5d0ecbf-150500.3.36.1
libsvrcore0-2.2.10~git99.aa5d0ecbf-150500.3.36.1
Ссылки
- Link for SUSE-SU-2025:01807-1
- E-Mail link for SUSE-SU-2025:01807-1
- SUSE Security Ratings
- SUSE Bug 1241016
- SUSE Bug 1241988
- SUSE Bug 1242666
- SUSE CVE CVE-2025-3416 page
Описание
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:389-ds-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:389-ds-devel-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:lib389-2.2.10~git99.aa5d0ecbf-150500.3.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsvrcore0-2.2.10~git99.aa5d0ecbf-150500.3.36.1
Ссылки
- CVE-2025-3416
- SUSE Bug 1242599