Red Hat Product Errata RHSA-2022:0628 - Security Advisory
Issued:
2022-02-22
Updated:
2022-02-22

RHSA-2022:0628 - Security Advisory

Synopsis

Low: 389-ds-base security and bug fix update

Type/Severity

Security Advisory: Low

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

  • 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • CSN generator can adjust wrongly the local and remote offsets used to generate a CSN (BZ#2049812)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the 389 server service will be restarted automatically.

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 2030307 - CVE-2021-4091 389-ds-base: double-free of the virtual attribute context in persistent search
  • BZ - 2049812 - Fix csn generator to limit time skew drift

Red Hat Enterprise Linux Server 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
x86_64
389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 552911a406eb1e21b7618545a1f48f76d199649832572c39106db52c66b3511a
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 2ad2ecb29507f18824030419fd9db6a86e6b0d3ac3fe45ccf85971214ea2db17
389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: b1fb97a4b85ec188645e72f5b68ca9818b55d8e7d683f74dd02e8229b8c691b3
389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: e7acdcacd410492e2a2336694787f51651c008f59300ec17dcbb01489f693dd5

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
x86_64
389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 552911a406eb1e21b7618545a1f48f76d199649832572c39106db52c66b3511a
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 2ad2ecb29507f18824030419fd9db6a86e6b0d3ac3fe45ccf85971214ea2db17
389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: b1fb97a4b85ec188645e72f5b68ca9818b55d8e7d683f74dd02e8229b8c691b3
389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: e7acdcacd410492e2a2336694787f51651c008f59300ec17dcbb01489f693dd5

Red Hat Enterprise Linux Workstation 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
x86_64
389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 552911a406eb1e21b7618545a1f48f76d199649832572c39106db52c66b3511a
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 2ad2ecb29507f18824030419fd9db6a86e6b0d3ac3fe45ccf85971214ea2db17
389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: b1fb97a4b85ec188645e72f5b68ca9818b55d8e7d683f74dd02e8229b8c691b3
389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: e7acdcacd410492e2a2336694787f51651c008f59300ec17dcbb01489f693dd5

Red Hat Enterprise Linux Desktop 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
x86_64
389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 552911a406eb1e21b7618545a1f48f76d199649832572c39106db52c66b3511a
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 2ad2ecb29507f18824030419fd9db6a86e6b0d3ac3fe45ccf85971214ea2db17
389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: b1fb97a4b85ec188645e72f5b68ca9818b55d8e7d683f74dd02e8229b8c691b3
389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: e7acdcacd410492e2a2336694787f51651c008f59300ec17dcbb01489f693dd5

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
s390x
389-ds-base-1.3.10.2-15.el7_9.s390x.rpm SHA-256: 81f7f02c119be06ca83ce2a86ed67c96bbb80ff37e8f403e061c6bba4b61ed1d
389-ds-base-debuginfo-1.3.10.2-15.el7_9.s390x.rpm SHA-256: ec2e63ab43f7089640be3566d7c13250d87bf29b40664cdaa329c6c39d03891a
389-ds-base-devel-1.3.10.2-15.el7_9.s390x.rpm SHA-256: fecf02a7bf013792dba424efe23ac192fd9a3f4cfd66aea641152ed565ce1e6e
389-ds-base-libs-1.3.10.2-15.el7_9.s390x.rpm SHA-256: 81aa231ee48c61df897d0688cb5bb367204c37dd486a8d034fdf53585682ba78
389-ds-base-snmp-1.3.10.2-15.el7_9.s390x.rpm SHA-256: adb944c93195b8a0c5d94a2239534004bc3eca20806b9951140c2b723ab155d2

Red Hat Enterprise Linux for Power, big endian 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
ppc64
389-ds-base-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 4cef908946f09afdd338b012be4974fdb9850e0b59ad725385bccbdcce8bff68
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 8e995be17b57ff0f322d34351e42a09ab4d9ffa3cd85ec858e8d3c1f3f46cc5f
389-ds-base-devel-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 44b35b050c9b748b81f1d3bcc2b91b15d48b8ba8fc114e39c2fca2fa666faeb2
389-ds-base-libs-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 6b9f4e739ffff8eb5a57aa043771ed58317e0bc7331099424a60700e99967d37
389-ds-base-snmp-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 7257ba69e1559f6aa6f8f90a9d03c43515901b95406f59e439d01ab044e4c8e7

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
x86_64
389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 552911a406eb1e21b7618545a1f48f76d199649832572c39106db52c66b3511a
389-ds-base-debuginfo-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 997f872feebbee66450a32726e5f0b743b4bab5829b5684196965d918f016e0d
389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: 2ad2ecb29507f18824030419fd9db6a86e6b0d3ac3fe45ccf85971214ea2db17
389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: b1fb97a4b85ec188645e72f5b68ca9818b55d8e7d683f74dd02e8229b8c691b3
389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm SHA-256: e7acdcacd410492e2a2336694787f51651c008f59300ec17dcbb01489f693dd5

Red Hat Enterprise Linux for Power, little endian 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
ppc64le
389-ds-base-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: 83651e98b3cbc1d03fdb238ee3c56d5d59a0899201546a9240def9eedc430ae7
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: cb082eff9e02b62935d1274a56e9dcecb270377ca6bfc77895d62cc3e99e86ec
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: cb082eff9e02b62935d1274a56e9dcecb270377ca6bfc77895d62cc3e99e86ec
389-ds-base-devel-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: fe4c80e66a0c7d9b10ce8c97a0152b31490b22e64169907ded32ea0ec557cdbd
389-ds-base-libs-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: a8707a7b08698803eec4402aa1ef3991f37ee3f0687cf3e59d6fff3ea969ec63
389-ds-base-snmp-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: 711e0df72d9dbd8641d50e4e34c6b51a4539c54458ef89bf3c9ecd1622133b8e

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
s390x
389-ds-base-1.3.10.2-15.el7_9.s390x.rpm SHA-256: 81f7f02c119be06ca83ce2a86ed67c96bbb80ff37e8f403e061c6bba4b61ed1d
389-ds-base-debuginfo-1.3.10.2-15.el7_9.s390x.rpm SHA-256: ec2e63ab43f7089640be3566d7c13250d87bf29b40664cdaa329c6c39d03891a
389-ds-base-devel-1.3.10.2-15.el7_9.s390x.rpm SHA-256: fecf02a7bf013792dba424efe23ac192fd9a3f4cfd66aea641152ed565ce1e6e
389-ds-base-libs-1.3.10.2-15.el7_9.s390x.rpm SHA-256: 81aa231ee48c61df897d0688cb5bb367204c37dd486a8d034fdf53585682ba78
389-ds-base-snmp-1.3.10.2-15.el7_9.s390x.rpm SHA-256: adb944c93195b8a0c5d94a2239534004bc3eca20806b9951140c2b723ab155d2

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
ppc64
389-ds-base-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 4cef908946f09afdd338b012be4974fdb9850e0b59ad725385bccbdcce8bff68
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 8e995be17b57ff0f322d34351e42a09ab4d9ffa3cd85ec858e8d3c1f3f46cc5f
389-ds-base-devel-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 44b35b050c9b748b81f1d3bcc2b91b15d48b8ba8fc114e39c2fca2fa666faeb2
389-ds-base-libs-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 6b9f4e739ffff8eb5a57aa043771ed58317e0bc7331099424a60700e99967d37
389-ds-base-snmp-1.3.10.2-15.el7_9.ppc64.rpm SHA-256: 7257ba69e1559f6aa6f8f90a9d03c43515901b95406f59e439d01ab044e4c8e7

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
389-ds-base-1.3.10.2-15.el7_9.src.rpm SHA-256: 00fedfef800d3370e3e07e3eb3353d925800732dc3a64159f9fa27d32e1685d2
ppc64le
389-ds-base-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: 83651e98b3cbc1d03fdb238ee3c56d5d59a0899201546a9240def9eedc430ae7
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: cb082eff9e02b62935d1274a56e9dcecb270377ca6bfc77895d62cc3e99e86ec
389-ds-base-debuginfo-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: cb082eff9e02b62935d1274a56e9dcecb270377ca6bfc77895d62cc3e99e86ec
389-ds-base-devel-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: fe4c80e66a0c7d9b10ce8c97a0152b31490b22e64169907ded32ea0ec557cdbd
389-ds-base-libs-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: a8707a7b08698803eec4402aa1ef3991f37ee3f0687cf3e59d6fff3ea969ec63
389-ds-base-snmp-1.3.10.2-15.el7_9.ppc64le.rpm SHA-256: 711e0df72d9dbd8641d50e4e34c6b51a4539c54458ef89bf3c9ecd1622133b8e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.