- Issued:
- 2021-10-12
- Updated:
- 2021-10-12
RHSA-2021:3807 - Security Advisory
Synopsis
Low: 389-ds-base security and bug fix update
Type/Severity
Security Advisory: Low
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
- 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- A plugin can create an index. Even if the index can be used immediately (for
searches) the index remains offline until further reindex (BZ#2005399)
- In some rare case, a replication connection may be treated as a regular connection and ACIs evaluated even if they should not. (BZ#2005434)
- A regular connection can be erroneously flagged replication connection (BZ#2005435)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the 389 server service will be restarted automatically.
Affected Products
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Fixes
- BZ - 1982782 - CVE-2021-3652 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed
- BZ - 2005399 - Internal unindexed searches in syncrepl
- BZ - 2005434 - ACIs are being evaluated against the Replication Manager account in a replication context.
- BZ - 2005435 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| x86_64 | |
| 389-ds-base-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 1de921c672950d3253982d26683797fb8f874d502dabda679e8133ab28b2e86d |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-devel-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 97fdb12179aaeccc377b242fef124474085f5aadaa3d8c302cef7115f361371e |
| 389-ds-base-libs-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: b9f096369a005e9deec4ded391353f9117adc272c18062ee1c4d260819da722a |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d4d13097781592878f69a2957b7a3d040febd30fcd940c740efb2080fdb10988 |
Red Hat Enterprise Linux Workstation 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| x86_64 | |
| 389-ds-base-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 1de921c672950d3253982d26683797fb8f874d502dabda679e8133ab28b2e86d |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-devel-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 97fdb12179aaeccc377b242fef124474085f5aadaa3d8c302cef7115f361371e |
| 389-ds-base-libs-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: b9f096369a005e9deec4ded391353f9117adc272c18062ee1c4d260819da722a |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d4d13097781592878f69a2957b7a3d040febd30fcd940c740efb2080fdb10988 |
Red Hat Enterprise Linux Desktop 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| x86_64 | |
| 389-ds-base-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 1de921c672950d3253982d26683797fb8f874d502dabda679e8133ab28b2e86d |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-devel-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 97fdb12179aaeccc377b242fef124474085f5aadaa3d8c302cef7115f361371e |
| 389-ds-base-libs-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: b9f096369a005e9deec4ded391353f9117adc272c18062ee1c4d260819da722a |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d4d13097781592878f69a2957b7a3d040febd30fcd940c740efb2080fdb10988 |
Red Hat Enterprise Linux for IBM z Systems 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| s390x | |
| 389-ds-base-1.3.10.2-13.el7_9.s390x.rpm | SHA-256: eeb286e4deef7863ae7c2a824e69f32a10665765bd4207e76d2243340060895e |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.s390x.rpm | SHA-256: b2e89989546a88b18f167b3ee190b0d0dfef98eee193a789b3c0461b88f89840 |
| 389-ds-base-devel-1.3.10.2-13.el7_9.s390x.rpm | SHA-256: 996d0784dd6661d75d715db8935c89ac793eb05eb09fa9ed2c8ce1c4489497d4 |
| 389-ds-base-libs-1.3.10.2-13.el7_9.s390x.rpm | SHA-256: 4c087a920563b0998f16d84a46b971abc128405c0efc3b83ee33215f0ec6afea |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.s390x.rpm | SHA-256: 8ff194bcacf3a66a5ea56989481359ed5402629667946dbe759c411156b1ab4d |
Red Hat Enterprise Linux for Power, big endian 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| ppc64 | |
| 389-ds-base-1.3.10.2-13.el7_9.ppc64.rpm | SHA-256: f680cf1032ba093c2adc44dfcab06386c693e25ac02e980d1d804f20f2d55709 |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.ppc64.rpm | SHA-256: b42d92fe07cfbd4c16d34cfce9b44dfcb7509c9a78d2b19a60a3dbe5d03f78a2 |
| 389-ds-base-devel-1.3.10.2-13.el7_9.ppc64.rpm | SHA-256: f58685b9e68c143f4fad73fd0aecbaddb919a04e048ac1cf137ea5a06ba53b03 |
| 389-ds-base-libs-1.3.10.2-13.el7_9.ppc64.rpm | SHA-256: 83c6ed0714c5cb4d566cc31dad9c2bf133d911c1b7e3ef26bf5d7554830a17e1 |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.ppc64.rpm | SHA-256: 5ed5b2685a211fe0fcf19f5f5aedac10a2e88f5aa67857ae7a2b48e2135310c7 |
Red Hat Enterprise Linux for Scientific Computing 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| x86_64 | |
| 389-ds-base-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 1de921c672950d3253982d26683797fb8f874d502dabda679e8133ab28b2e86d |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d54ca01967dd7cf69f34c52735665695c59b6ac09428c638be63ec81c0ec973f |
| 389-ds-base-devel-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: 97fdb12179aaeccc377b242fef124474085f5aadaa3d8c302cef7115f361371e |
| 389-ds-base-libs-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: b9f096369a005e9deec4ded391353f9117adc272c18062ee1c4d260819da722a |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.x86_64.rpm | SHA-256: d4d13097781592878f69a2957b7a3d040febd30fcd940c740efb2080fdb10988 |
Red Hat Enterprise Linux for Power, little endian 7
| SRPM | |
|---|---|
| 389-ds-base-1.3.10.2-13.el7_9.src.rpm | SHA-256: 02ae875bbee1d6a49b65eaf7d095b2326b8cadea4021656a61ae16cf7248d3f8 |
| ppc64le | |
| 389-ds-base-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: bd825abb4731f72fee9be85df0201bc7b353c3e142c8fa9528b7d0e44adbb499 |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: d33ed3526a566cd7bd91b8fc1da4eceeafed9e9c327c3782a083cd293ac6f637 |
| 389-ds-base-debuginfo-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: d33ed3526a566cd7bd91b8fc1da4eceeafed9e9c327c3782a083cd293ac6f637 |
| 389-ds-base-devel-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: 36de23d5c6a2127de904c7f494f231d329549a5b0a62ba40e9e661738643b610 |
| 389-ds-base-libs-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: 3938defa0ad2f25ce7a92d8e479cf620116656a16d9c243f74d4be8cc58a9f84 |
| 389-ds-base-snmp-1.3.10.2-13.el7_9.ppc64le.rpm | SHA-256: a37bf3ce0a775422aafbe9d2f088f7c2ebc3e2aaae3b5da473d682692ee300ec |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.