Red Hat Product Errata RHSA-2021:1086 - Security Advisory

Issued:: 2021-04-06
Updated:: 2021-04-06

RHSA-2021:1086 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: 389-ds:1.4 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

dscreate would not always set the correct hostname for the self-signed certificate database (BZ#1912481)
Indexing a heavily nested database could fail and it would corrupt the database (BZ#1936461)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 1905565 - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN
BZ - 1908705 - CVE-2020-35518 389-ds:1.4/389-ds-base: information disclosure during the binding of a DN [rhel-8.3.0.z]
BZ - 1912481 - Server-Cert.crt created using dscreate has Subject:CN =localhost instead of hostname. [rhel-8.3.0.z]
BZ - 1936461 - A failed re-indexing leaves the database in broken state. [rhel-8.3.0.z]

CVEs

CVE-2020-35518

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.src.rpm	SHA-256: 957660c4e1a26c5820a1a88a30c46461b9c5105de590733b8c78e2bc4c52fb15
x86_64
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 0c0b7a1bbc944ff2cb1c26a8235a16ea313fb412a4d0ed505dd39320b332e163
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: c97215cec5f9c2ccabc75aa5345710ade80212383827c5e7aa5ee70c15e05516
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 2567e656a054fb005868f6c99d15ee6507f87cfe48f47f2928a0c66963db16f1
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 65dfaef343d3428d687b9df2bcf7c35200e49a13c54a56f1a85f19ca368227e1
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 5afd5e1419033fa771db72cc0e57b8617bd40c991ef7ebd30eed2e96d03115b5
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: ff38518263d08ac70c06e2c967088c7a9cb4269c55dd97208fd918331fbe6f56
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 0190f15bbbfb95e0c2fd3844b471814edffe2ed82037f63df090ab800140115f
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: 7aff8b3ebc5539b517143e25aeecd40aef3966e6723d19ffc652304af40d4a90
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: dc5edc72c0132e64efb55f005cfd69f0252704e44c7f9f656746f221286b9994
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm	SHA-256: a1310c4ddadb77ebed90dfeb95397d9936e4cafba1448ff1e5d740bdc0907351
python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm	SHA-256: 2bc703f15c35c3c966036f1967a68c0c4a05986e276e287d90799655eef7f61c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.src.rpm	SHA-256: 957660c4e1a26c5820a1a88a30c46461b9c5105de590733b8c78e2bc4c52fb15
s390x
python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm	SHA-256: 2bc703f15c35c3c966036f1967a68c0c4a05986e276e287d90799655eef7f61c
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 205723739a58f2742bd8ab627476ed43b72cf18c9bd48081cfd9698e57de21ce
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 1bb549bcd02ed3b42c51e596b4184e009f7e7785bf7ebf5ac86d5bf9d9bcdfc8
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: a3b8d4ebef1adb2a94acfbaba2dceb674cf0e92c12f0052f1cd592cb26f5e6a4
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: c0be67ee73e5a92c923c9a5167b5554be486493d46318ef06b53f180b39b9d1c
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 200d566da7a4b1aeb4561dca9f6f0fd13ffc85767f58cfa5b981a6ee6d931537
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: b48b40647353a0c350805c15c30ae769a93e57a94c78e48009828983f35ae660
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 7949c805f2bc8288f62d55ddd2e3e4a7f4b8a54d3f94166882b3cfa4321fdc00
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: f80d32877809c098c2707064e99bcfd5deb57c8e3236970e1471fe242b172563
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 7c939c8a244616561dc1c240cece39f20cd6da10f69cf50c34298ce78a5d7593
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm	SHA-256: 90a49fb26d3572afae7561bad4e21515c6aea2247f52d94852252ee7b031c205

Red Hat Enterprise Linux for Power, little endian 8

SRPM
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.src.rpm	SHA-256: 957660c4e1a26c5820a1a88a30c46461b9c5105de590733b8c78e2bc4c52fb15
ppc64le
python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm	SHA-256: 2bc703f15c35c3c966036f1967a68c0c4a05986e276e287d90799655eef7f61c
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 26cfdca8c25e6809298a1fbf7db22c98706def306df3f868905d67a2350d278e
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 903bc0c1a31421ca34ffa5f1685be1f1ad0365d85f7cb0dda6f45eb80d5d3143
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 1d8bd279a6db5914299908a12db090d4b2974c8f81ac27ef84df559fd5727b5e
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 318bf5660556e70d1945292fc29cf056df9b2b4b6e33a4ba93b9cc577f505f70
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 023d229621fb2f7a975b545c69a3d0b2151dc4937fa5238dc9a96cf3bc02084e
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: dad6645d323834a7458c25ac90bc8ccecca4e065062b7c5df865ec86d55dce4b
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 8a72f5bb41a6828e3de535347cff7c9c6462b80adde35125c259ae2ac5a73b8c
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: e03193bb2e04da9c1ac8ccc7dbb52b99b5a7a316af3a203edb1ee6ead0859b9c
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: 7af5b5188d6213c299727289aa3189470a32652d05ad49cebc9fc3bf7834239c
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm	SHA-256: ecdc23b211bd9ba7c0002e658e69c660b1648d9c13bfa2f8dfe39373f372ca80

Red Hat Enterprise Linux for ARM 64 8

SRPM
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.src.rpm	SHA-256: 957660c4e1a26c5820a1a88a30c46461b9c5105de590733b8c78e2bc4c52fb15
aarch64
python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm	SHA-256: 2bc703f15c35c3c966036f1967a68c0c4a05986e276e287d90799655eef7f61c
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 66545e2ce99b1901461648f601bd55e70fbc2d67f03f7019321a5d40bc4ac70f
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 38c7b973256144636b501663b78cf68450ac770dcc7496a34d058edfa6a47bb4
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 1e7245c9d2ec6d92d1b75a65518e2df4b0b04b75dcf42d8cae28fed504930348
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 62dd2b8200f3d3350ba33f6d2a28158a9397d6209ad62c882677bd325e76f452
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 2a79f0da65d0eaa331bdcacd27479117dbbdaa5c9a5d5ea7c5422bbdb7b64f3d
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 97b1f3150ff7fcc1a08b2239f28ea3bc297cd492b8dbac13d4e6a8d39dcb179d
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 74172b497fc8c99d9d8983ebc026327d5413e90de0bd2f12f5f7ec12e1c7fa53
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 7d5113b40594a17af90770d0d7124a130c5552ab63098a1d6a6e68479178f1c0
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 737cd12007b2d170272e8e7a87b3dbf05f092014449e2b604aa4c8b41eef9838
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm	SHA-256: 4decba2a1608644d1f6172d7d3a09c57dfa0efa6b8c2255569d28a82b8aa6a47

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories