- Issued:
- 2017-04-11
- Updated:
- 2017-04-11
RHSA-2017:0893 - Security Advisory
Synopsis
Important: 389-ds-base security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for 389-ds-base is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
- An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)
Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.
Bug Fix(es):
- Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax. (BZ#1435365)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the 389 server service will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 6 x86_64
- Red Hat Enterprise Linux Server 6 i386
- Red Hat Enterprise Linux Workstation 6 x86_64
- Red Hat Enterprise Linux Workstation 6 i386
- Red Hat Enterprise Linux Desktop 6 x86_64
- Red Hat Enterprise Linux Desktop 6 i386
- Red Hat Enterprise Linux for Scientific Computing 6 x86_64
Fixes
- BZ - 1435365 - Unable to dereference unqiemember attribute because it is dn [#UID] not dn syntax
- BZ - 1436575 - CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 6
| SRPM | |
|---|---|
| 389-ds-base-1.2.11.15-91.el6_9.src.rpm | SHA-256: 3167af0d4eb76f03f03f034b66d0a41fe0a5b9c71ecbac500f5bb761e9bf2652 |
| x86_64 | |
| 389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 7647d7978be9793f1685020ef7d73217c884737486734083ff521ac400adb31f |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 3b0eebf22eb1951a188296c16709bcc21d2d5a0039427f2dbdc1ff5e02056bd0 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 8e3f1c45196495b95ec5c3dc9416ce02a6fb1221e35ef71c382ff3eda7abca73 |
| i386 | |
| 389-ds-base-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 248fb28c2e6f59fd375fb01958da022424fb4c88efdf6f07eb2018c75f48645a |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
Red Hat Enterprise Linux Workstation 6
| SRPM | |
|---|---|
| 389-ds-base-1.2.11.15-91.el6_9.src.rpm | SHA-256: 3167af0d4eb76f03f03f034b66d0a41fe0a5b9c71ecbac500f5bb761e9bf2652 |
| x86_64 | |
| 389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 7647d7978be9793f1685020ef7d73217c884737486734083ff521ac400adb31f |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 3b0eebf22eb1951a188296c16709bcc21d2d5a0039427f2dbdc1ff5e02056bd0 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 8e3f1c45196495b95ec5c3dc9416ce02a6fb1221e35ef71c382ff3eda7abca73 |
| i386 | |
| 389-ds-base-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 248fb28c2e6f59fd375fb01958da022424fb4c88efdf6f07eb2018c75f48645a |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
Red Hat Enterprise Linux Desktop 6
| SRPM | |
|---|---|
| 389-ds-base-1.2.11.15-91.el6_9.src.rpm | SHA-256: 3167af0d4eb76f03f03f034b66d0a41fe0a5b9c71ecbac500f5bb761e9bf2652 |
| x86_64 | |
| 389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 7647d7978be9793f1685020ef7d73217c884737486734083ff521ac400adb31f |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 3b0eebf22eb1951a188296c16709bcc21d2d5a0039427f2dbdc1ff5e02056bd0 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 8e3f1c45196495b95ec5c3dc9416ce02a6fb1221e35ef71c382ff3eda7abca73 |
| i386 | |
| 389-ds-base-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 248fb28c2e6f59fd375fb01958da022424fb4c88efdf6f07eb2018c75f48645a |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
Red Hat Enterprise Linux for Scientific Computing 6
| SRPM | |
|---|---|
| 389-ds-base-1.2.11.15-91.el6_9.src.rpm | SHA-256: 3167af0d4eb76f03f03f034b66d0a41fe0a5b9c71ecbac500f5bb761e9bf2652 |
| x86_64 | |
| 389-ds-base-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 7647d7978be9793f1685020ef7d73217c884737486734083ff521ac400adb31f |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.i686.rpm | SHA-256: aca8184b9c7d7a7d71baff358cea71c098a3b8fb1455bae6617cf543904f8ebc |
| 389-ds-base-debuginfo-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 5105cc8df848c6fa91b0c550f1d7510cd1f2185784d62229c485c593f3b83142 |
| 389-ds-base-devel-1.2.11.15-91.el6_9.i686.rpm | SHA-256: 25c7ac520dffc29168c47ca523a5aedb59071d5928b74bf542362d3a6bbee21c |
| 389-ds-base-devel-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 3b0eebf22eb1951a188296c16709bcc21d2d5a0039427f2dbdc1ff5e02056bd0 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.i686.rpm | SHA-256: e827607545b6bcc86c84f42c43f43fe679b15c5a7f4208363e3fb9347ef9fc54 |
| 389-ds-base-libs-1.2.11.15-91.el6_9.x86_64.rpm | SHA-256: 8e3f1c45196495b95ec5c3dc9416ce02a6fb1221e35ef71c382ff3eda7abca73 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.