Red Hat Product Errata RHSA-2018:3127 - Security Advisory

Issued:: 2018-10-30
Updated:: 2018-10-30

RHSA-2018:3127 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: 389-ds-base security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.3.8.4). (BZ#1560653)

Security Fix(es):

389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.

Affected Products

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1515190 - "Truncated search results" pop-up appears in user details in WebUI
BZ - 1525256 - Invalid SNMP MIB for 389 DS
BZ - 1541098 - ds-replcheck: add -W option to ask for the password from stdin instead of passing it on command line
BZ - 1544477 - IPA server is not responding, all authentication and admin tests failed
BZ - 1551063 - replica_write_ruv log a failure even when it succeeds
BZ - 1551065 - ds-replcheck LDIF comparision fails when checking for conflicts
BZ - 1551071 - memberof fails if group is moved into scope
BZ - 1552698 - replicated operations should be serialized.
BZ - 1556803 - ds-replcheck command returns traceback errors against empty ldif files when run in offline mode
BZ - 1556863 - ds-replcheck command for "LDAP with StartTLS" using -Z option should be more robust
BZ - 1559945 - adjustment of csn_generator can fail so next generated csn can be equal to the most recent one received
BZ - 1560653 - Rebase 389-ds-base in RHEL 7.6 to 1.3.8
BZ - 1566444 - crash in connection table / nunc-stans ?
BZ - 1567042 - ns-slapd segfaults with ERR - connection_release_nolock_ext - conn=0 fd=0 Attempt to release connection that is not acquired
BZ - 1568462 - disk monitoring setting the wrong default error log level
BZ - 1570033 - Errors log full of " WARN - keys2idl - recieved NULL idl from index_read_ext_allids, treating as empty set" messages
BZ - 1570649 - pwdhash segfaults when CRYPT storage scheme is used
BZ - 1574602 - Replication stops working when MemberOf plugin is enabled on hub and consumer
BZ - 1576485 - Upgrade script doesn't enable PBKDF password storage plug-in
BZ - 1581737 - passthrough plugin configured to do starttls does not work.
BZ - 1582092 - passwordMustChange attribute is not honored by a RO consumer if "Chain on Update" is implemented on the RO consumer
BZ - 1582747 - DS only accepts RSA and Fortezza cipher families
BZ - 1593807 - Fine grained password policy can impact search performance
BZ - 1596467 - IPA upgrade fails for latest ipa package
BZ - 1597384 - Async operations can hang when the server is running nunc-stans
BZ - 1597518 - ds-replcheck command returns traceback errors against ldif files having garbage content when run in offline mode
BZ - 1598186 - A search with the scope "one" returns a non-matching entry.
BZ - 1598478 - If a replica is created with a bindDNGroup, this group is taken into account only after bindDNGroupCheckInterval seconds
BZ - 1598718 - import fails if backend name is "default"
BZ - 1602425 - ipa user commands when used with '--random' or '--password' option returns 'Constraint violation: Pre-Encoded passwords are not valid' error
BZ - 1607078 - CVE-2018-10935 389-ds-base: ldapsearch with server side sort crashes the ldap server [rhel-7.6]
BZ - 1614501 - Disable nunc-stans by default
BZ - 1614820 - 389-ds-base: Crash in vslapd_log_emergency_error [rhel-7.6]
BZ - 1616412 - ipa certmap-match fails to find ipa user when altSecurityIdentities in mapping rule
BZ - 1630668 - CVE-2018-14648 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service

CVEs

CVE-2018-14648

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
x86_64
389-ds-base-1.3.8.4-15.el7.x86_64.rpm	SHA-256: c592e2b329cfc3ba936ed886e646209ebdf9a730ca78e867141c6531880df169
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm	SHA-256: ddeae410cb61897ff492c3ce90e33fcafc6dee2e35db5fb2675ed9fa2cef6ea5
389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 7c6a119296c2fd2377da56dd7ea9016b11c936e1adaa8e95a19dd9e5ecc9d6e5
389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 57b30dabf78a660791db79bb03a1f47d1ddd016fd358a2fa89f8e2ee8a0eb015

Red Hat Enterprise Linux Workstation 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
x86_64
389-ds-base-1.3.8.4-15.el7.x86_64.rpm	SHA-256: c592e2b329cfc3ba936ed886e646209ebdf9a730ca78e867141c6531880df169
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm	SHA-256: ddeae410cb61897ff492c3ce90e33fcafc6dee2e35db5fb2675ed9fa2cef6ea5
389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 7c6a119296c2fd2377da56dd7ea9016b11c936e1adaa8e95a19dd9e5ecc9d6e5
389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 57b30dabf78a660791db79bb03a1f47d1ddd016fd358a2fa89f8e2ee8a0eb015

Red Hat Enterprise Linux Desktop 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
x86_64
389-ds-base-1.3.8.4-15.el7.x86_64.rpm	SHA-256: c592e2b329cfc3ba936ed886e646209ebdf9a730ca78e867141c6531880df169
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm	SHA-256: ddeae410cb61897ff492c3ce90e33fcafc6dee2e35db5fb2675ed9fa2cef6ea5
389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 7c6a119296c2fd2377da56dd7ea9016b11c936e1adaa8e95a19dd9e5ecc9d6e5
389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 57b30dabf78a660791db79bb03a1f47d1ddd016fd358a2fa89f8e2ee8a0eb015

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
s390x
389-ds-base-1.3.8.4-15.el7.s390x.rpm	SHA-256: 5fe10f4d3d3ee7f625eb9e4c1a0efdf0cebc6be82f9069e68d69e49c29b3223d
389-ds-base-debuginfo-1.3.8.4-15.el7.s390x.rpm	SHA-256: bcdb171177019f8ea1ba271d463fc3277794a0b2bb67664dc000593b0f912f3a
389-ds-base-devel-1.3.8.4-15.el7.s390x.rpm	SHA-256: 75d25acda58526ccfc5eaa4f0f4773c334475af01ae4daee5ef98f831c8c5a41
389-ds-base-libs-1.3.8.4-15.el7.s390x.rpm	SHA-256: 6e6b519135e51b4f7a345b54f06722ead0f000d6cb0ce36a2378a98d333bcdf4
389-ds-base-snmp-1.3.8.4-15.el7.s390x.rpm	SHA-256: 1e45bb0341db25477fed8a08d6b66e701a26cac521ea8c746a052e58263f6787

Red Hat Enterprise Linux for Power, big endian 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
ppc64
389-ds-base-1.3.8.4-15.el7.ppc64.rpm	SHA-256: 076ed74155306c96c9ce0508b19f1a5c3e0485db1b4724507dff11eadf5bd530
389-ds-base-debuginfo-1.3.8.4-15.el7.ppc64.rpm	SHA-256: bda3e00f19001794957e7bd50617afda516d9a69f1164b1c8e0903f0f95127ed
389-ds-base-devel-1.3.8.4-15.el7.ppc64.rpm	SHA-256: bc33bc65ef4500ddd3a30d6ce6a307129ac863bf4068d351eaa71f9c81e3fc89
389-ds-base-libs-1.3.8.4-15.el7.ppc64.rpm	SHA-256: 3e24eec5788513b42eed5eeed9d29256890b79ae06d5d2d13f63917f5204830c
389-ds-base-snmp-1.3.8.4-15.el7.ppc64.rpm	SHA-256: 2e94cdd854e56fdfc3190d40ccd0851953dec0f961e135bdf2cc9f0003363d5c

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
x86_64
389-ds-base-1.3.8.4-15.el7.x86_64.rpm	SHA-256: c592e2b329cfc3ba936ed886e646209ebdf9a730ca78e867141c6531880df169
389-ds-base-debuginfo-1.3.8.4-15.el7.x86_64.rpm	SHA-256: f9eaac1d1c4f9985b1cae275a8ffbb6ec1e1c4557fb2e127d6d06d5c41444ecd
389-ds-base-devel-1.3.8.4-15.el7.x86_64.rpm	SHA-256: ddeae410cb61897ff492c3ce90e33fcafc6dee2e35db5fb2675ed9fa2cef6ea5
389-ds-base-libs-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 7c6a119296c2fd2377da56dd7ea9016b11c936e1adaa8e95a19dd9e5ecc9d6e5
389-ds-base-snmp-1.3.8.4-15.el7.x86_64.rpm	SHA-256: 57b30dabf78a660791db79bb03a1f47d1ddd016fd358a2fa89f8e2ee8a0eb015

Red Hat Enterprise Linux for Power, little endian 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
ppc64le
389-ds-base-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: e3cd25adcec2ad3c6a418c8826b19a4c240d1e82cb4b970c1ed82484c489df4b
389-ds-base-debuginfo-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 9ed9e2ef650194d7c005721bb347f4e75c68d33c44c3578f90395b2fdf008af2
389-ds-base-debuginfo-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 9ed9e2ef650194d7c005721bb347f4e75c68d33c44c3578f90395b2fdf008af2
389-ds-base-devel-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: c2596a11a7f2dc860e993f83c0f5d956a87fbf5b58cb670e7bd2e631d9ae076c
389-ds-base-libs-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 558d001af5b07ab280c52a678a2fa5b8683b11847da47799e460d2cb742983ad
389-ds-base-snmp-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 091d510cfc2c9592c3a5bea3ae63400e06caac7012b499f2d4d3cc4b6e44601f

Red Hat Enterprise Linux for ARM 64 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
aarch64
389-ds-base-1.3.8.4-15.el7.aarch64.rpm	SHA-256: 4f173a39794e69369fe01243f954c16bab56d8a3328580a1fb918bac05d73a00
389-ds-base-debuginfo-1.3.8.4-15.el7.aarch64.rpm	SHA-256: d6282d26a1d66000b628ae031a6413659c935c04af3baf31a743830c8ea19077
389-ds-base-debuginfo-1.3.8.4-15.el7.aarch64.rpm	SHA-256: d6282d26a1d66000b628ae031a6413659c935c04af3baf31a743830c8ea19077
389-ds-base-devel-1.3.8.4-15.el7.aarch64.rpm	SHA-256: 7d1c85bb95c9551e54cf0829c2930fa6cf1b44bf5a764f68e29fb480929f5724
389-ds-base-libs-1.3.8.4-15.el7.aarch64.rpm	SHA-256: e4f9946bdc5982d57f94cdd5b541ded6e59b43a0af84a61c8858240c2d2ff719
389-ds-base-snmp-1.3.8.4-15.el7.aarch64.rpm	SHA-256: c05961141163d7e5d28d94000d098422497a75366147984edd436b3afec18d63

Red Hat Enterprise Linux for Power 9 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
ppc64le
389-ds-base-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: e3cd25adcec2ad3c6a418c8826b19a4c240d1e82cb4b970c1ed82484c489df4b
389-ds-base-debuginfo-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 9ed9e2ef650194d7c005721bb347f4e75c68d33c44c3578f90395b2fdf008af2
389-ds-base-debuginfo-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 9ed9e2ef650194d7c005721bb347f4e75c68d33c44c3578f90395b2fdf008af2
389-ds-base-devel-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: c2596a11a7f2dc860e993f83c0f5d956a87fbf5b58cb670e7bd2e631d9ae076c
389-ds-base-libs-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 558d001af5b07ab280c52a678a2fa5b8683b11847da47799e460d2cb742983ad
389-ds-base-snmp-1.3.8.4-15.el7.ppc64le.rpm	SHA-256: 091d510cfc2c9592c3a5bea3ae63400e06caac7012b499f2d4d3cc4b6e44601f

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
389-ds-base-1.3.8.4-15.el7.src.rpm	SHA-256: a3d2e0411b62a09c4c5380b776d42aa21262dc3be498fd3545ce8069b53c4cd6
s390x
389-ds-base-1.3.8.4-15.el7.s390x.rpm	SHA-256: 5fe10f4d3d3ee7f625eb9e4c1a0efdf0cebc6be82f9069e68d69e49c29b3223d
389-ds-base-debuginfo-1.3.8.4-15.el7.s390x.rpm	SHA-256: bcdb171177019f8ea1ba271d463fc3277794a0b2bb67664dc000593b0f912f3a
389-ds-base-devel-1.3.8.4-15.el7.s390x.rpm	SHA-256: 75d25acda58526ccfc5eaa4f0f4773c334475af01ae4daee5ef98f831c8c5a41
389-ds-base-libs-1.3.8.4-15.el7.s390x.rpm	SHA-256: 6e6b519135e51b4f7a345b54f06722ead0f000d6cb0ce36a2378a98d333bcdf4
389-ds-base-snmp-1.3.8.4-15.el7.s390x.rpm	SHA-256: 1e45bb0341db25477fed8a08d6b66e701a26cac521ea8c746a052e58263f6787

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories