RHSA-2022:0952 - Security Advisory

Issued: 2022-03-16
Updated: 2022-03-16


Synopsis

Moderate: redhat-ds:11.3 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.3 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of
packages includes the Lightweight Directory Access Protocol (LDAP) server, as
well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

  • 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() (CVE-2021-3514)
  • 389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • ACIs are being evaluated against the Replication Manager account in a replication context. (BZ#2022086)
  • A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule (BZ#2022090)
  • DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,<SUFFIX>) is already in the entryrdn file" (BZ#2022686)
  • CLI needs option to set nsslapd-state (BZ#2040794)

Users of Red Hat Directory Server 11 are advised to install these updated
packages.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Directory Server 11 x86_64

Fixes

  • BZ - 1952907 - CVE-2021-3514 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
  • BZ - 2022086 - ACIs are being evaluated against the Replication Manager account in a replication context.
  • BZ - 2022090 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
  • BZ - 2022686 - DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,<SUFFIX>) is already in the entryrdn file"
  • BZ - 2030307 - CVE-2021-4091 389-ds-base: double free of the virtual attribute context in persistent search
  • BZ - 2040794 - CLI needs option to set nsslapd-state

CVEs

  • CVE-2021-3514
  • CVE-2021-4091

References

  • https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available.

Red Hat Directory Server 11

SRPM
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.src.rpm SHA-256: 347840ee665a1aa41bd1d29813b20b39962584f6f9a19ff2f15adcd55c6484f5
x86_64
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: b11efa446bae66d0c6f5c18ddfeb35c1d1eabe30ed7289eb9a17fa35043daccc
389-ds-base-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: de7dd099e541003f67770cda5820f91132b393152d2bbb7cbd7518185f0b5de5
389-ds-base-debugsource-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: 28ebbdb4218035c6fd4509f205054b5b3c089a43ed895d6574a22fa36751531f
389-ds-base-devel-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: 0841ddcc3786021b9c059d8f1e849311ff8d796c17c0eb4b0a697060eed33b4f
389-ds-base-legacy-tools-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: ae17470acbea743db6c3919a664dc3d41e5357d1559dc22bb03bd58e186a9761
389-ds-base-legacy-tools-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: c8fbedab3b91f9091b19f8c8dedf40306a6aa4d7dd24ee2a865051acfd525841
389-ds-base-libs-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: f07498785d129e8a76edc36295d7e259881cb9746b8fddf9202e37445ed40836
389-ds-base-libs-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: d053273aa91801f8759b30b7b2f823de6d7e0178a7b8e85f08baa748af19d599
389-ds-base-snmp-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: c50fafb2b055325632e574a03cc4a2efec0e8f0eeff1614fb7c46ffae39d11ac
389-ds-base-snmp-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm SHA-256: 56627b4b27c0b960955cc5709f8e5abba1a69c3a3d37c441224d4a567f2bdc13
cockpit-389-ds-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm SHA-256: a08a0546e991c1a77a356736e5610bee2da2f1f262bde2f6f0b755a653b4329f
python3-lib389-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm SHA-256: c49779a358195cece3773d81886441fafb4bfeb62d13fe70a0a04ecc31d8df44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
