Moderate: 389-ds-base security, bug fix, and enhancement update

Related Vulnerabilities: CVE-2018-14648, CVE-2018-10935

Synopsis

Moderate: 389-ds-base security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.3.8.4). (BZ#1560653)

Security Fix(es):

  • 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.
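As an added check that is not part of the Red Hat advisory, the POSIX shell snippet below compares the upstream VERSION field of an installed 389-ds-base package against 1.3.8.4, the rebased version this advisory ships. It assumes the version string comes from `rpm -q --qf '%{VERSION}\n' 389-ds-base`; the errata's exact RELEASE tag is not on this page, so only the upstream version is compared, which makes this a coarse triage aid rather than a replacement for yum's own EVR comparison.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed 389-ds-base at or
# above the rebased upstream version 1.3.8.4 named in this errata?
FIXED_VERSION="1.3.8.4"

# version_ge A B -> exit 0 when dotted version A >= B, compared component by
# component as integers; a missing trailing component counts as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        # Drop the consumed leading component (or empty the string on the last one).
        [ "$ac" = "$a" ] && a="" || a="${a#*.}"
        [ "$bc" = "$b" ] && b="" || b="${b#*.}"
        # Keep digits only so a stray suffix cannot break the integer test.
        ac=$(printf '%s' "$ac" | tr -dc 0-9); bc=$(printf '%s' "$bc" | tr -dc 0-9)
        ac="${ac:-0}"; bc="${bc:-0}"
        if [ "$ac" -gt "$bc" ]; then return 0; fi
        if [ "$ac" -lt "$bc" ]; then return 1; fi
    done
    return 0
}

# installed_is_fixed VERSION -> exit 0 if VERSION carries the fix from this advisory.
installed_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# check_host: run on the RHEL 7 host itself; reads the real package version via rpm.
check_host() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available on this host"; return 2; }
    v=$(rpm -q --qf '%{VERSION}\n' 389-ds-base 2>/dev/null) || { echo "389-ds-base not installed"; return 2; }
    if installed_is_fixed "$v"; then
        echo "389-ds-base $v: at or above $FIXED_VERSION (this advisory applied)"
    else
        echo "389-ds-base $v: below $FIXED_VERSION (update per this advisory)"
        return 1
    fi
}
```

Call `check_host` from an interactive shell on the directory server host; the constructed version strings in the comments above are illustrative only.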

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1515190 - "Truncated search results" pop-up appears in user details in WebUI
  • BZ - 1525256 - Invalid SNMP MIB for 389 DS
  • BZ - 1541098 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line
  • BZ - 1544477 - IPA server is not responding, all authentication and admin tests failed
  • BZ - 1551063 - replica_write_ruv log a failure even when it succeeds
  • BZ - 1551065 - ds-replcheck LDIF comparison fails when checking for conflicts
  • BZ - 1551071 - memberof fails if group is moved into scope
  • BZ - 1552698 - replicated operations should be serialized.
  • BZ - 1556803 - ds-replcheck command returns traceback errors against empty ldif files when run in offline mode
  • BZ - 1556863 - ds-replcheck command for "LDAP with StartTLS" using -Z option should be more robust
  • BZ - 1559945 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
  • BZ - 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8
  • BZ - 1566444 - crash in connection table / nunc-stans ?
  • BZ - 1567042 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired
  • BZ - 1568462 - disk monitoring setting the wrong default error log level
  • BZ - 1570033 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages
  • BZ - 1570649 - pwdhash segfaults when CRYPT storage scheme is used
  • BZ - 1574602 - Replication stops working when MemberOf plugin is enabled on hub and consumer
  • BZ - 1576485 - Upgrade script doesn't enable PBKDF password storage plug-in
  • BZ - 1581737 - passthrough plugin configured to do starttls does not work.
  • BZ - 1582092 - passwordMustChange attribute is not honored by a RO consumer if "Chain on Update" is implemented on the RO consumer
  • BZ - 1582747 - DS only accepts RSA and Fortezza cipher families
  • BZ - 1593807 - Fine grained password policy can impact search performance
  • BZ - 1596467 - IPA upgrade fails for latest ipa package
  • BZ - 1597384 - Async operations can hang when the server is running nunc-stans
  • BZ - 1597518 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode
  • BZ - 1598186 - A search with the scope "one" returns a non-matching entry.
  • BZ - 1598478 - If a replica is created with a bindDNGroup, this group is taken into account only after bindDNGroupCheckInterval seconds
  • BZ - 1598718 - import fails if backend name is "default"
  • BZ - 1602425 - ipa user commands when used with '--random' or '--password' option returns 'Constraint violation: Pre-Encoded passwords are not valid' error
  • BZ - 1607078 - CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.6]
  • BZ - 1614501 - Disable nunc-stans by default
  • BZ - 1614820 - 389-ds-base: Crash in vslapd_log_emergency_error [rhel-7.6]
  • BZ - 1616412 - ipa certmap-match fails to find ipa user when altSecurityIdentities in mapping rule
  • BZ - 1630668 - CVE-2018-14648 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service

References