Описание
Security update for 389-ds
This update for 389-ds fixes the following issues:
- Update to 1.4.4.16
- CVE-2021-3652: Fixed crypt handling of locked accounts. (bsc#1188455)
Список пакетов
openSUSE Leap 15.3
389-ds-1.4.4.16~git16.c1926dfc6-3.4.1
389-ds-devel-1.4.4.16~git16.c1926dfc6-3.4.1
389-ds-snmp-1.4.4.16~git16.c1926dfc6-3.4.1
lib389-1.4.4.16~git16.c1926dfc6-3.4.1
libsvrcore0-1.4.4.16~git16.c1926dfc6-3.4.1
Ссылки
- E-Mail link for openSUSE-SU-2021:2801-1
- SUSE Security Ratings
- SUSE Bug 1188151
- SUSE Bug 1188455
- SUSE CVE CVE-2021-3652 page
Описание
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled.
Затронутые продукты
openSUSE Leap 15.3:389-ds-1.4.4.16~git16.c1926dfc6-3.4.1
openSUSE Leap 15.3:389-ds-devel-1.4.4.16~git16.c1926dfc6-3.4.1
openSUSE Leap 15.3:389-ds-snmp-1.4.4.16~git16.c1926dfc6-3.4.1
openSUSE Leap 15.3:lib389-1.4.4.16~git16.c1926dfc6-3.4.1
Ссылки
- CVE-2021-3652
- SUSE Bug 1188455