Issued:: 2022-03-16
Updated:: 2022-03-16

RHSA-2022:0952 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: redhat-ds:11.3 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.3 for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of
packages includes the Lightweight Directory Access Protocol (LDAP) server, as
well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() (CVE-2021-3514)
389-ds-base: double-free of the virtual attribute context in persistent search (CVE-2021-4091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

ACIs are being evaluated against the Replication Manager account in a replication context. (BZ#2022086)
A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule (BZ#2022090)
DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,<SUFFIX>) is already in the entryrdn file" (BZ#2022686)
CLI needs option to set nsslapd-state (BZ#2040794)

Users of Red Hat Directory Server 11 are advised to install these updated
packages.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Directory Server 11 x86_64

Fixes

BZ - 1952907 - CVE-2021-3514 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()
BZ - 2022086 - ACIs are being evaluated against the Replication Manager account in a replication context.
BZ - 2022090 - A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule
BZ - 2022686 - DB corruption "_entryrdn_insert_key - Same DN (dn: nsuniqueid=ffffffff-ffffffff-ffffffff-ffffffff,<SUFFIX>) is already in the entryrdn file"
BZ - 2030307 - CVE-2021-4091 389-ds-base: double free of the virtual attribute context in persistent search
BZ - 2040794 - CLI needs option to set nsslapd-state

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Directory Server 11

SRPM
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.src.rpm	SHA-256: 347840ee665a1aa41bd1d29813b20b39962584f6f9a19ff2f15adcd55c6484f5
x86_64
389-ds-base-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: b11efa446bae66d0c6f5c18ddfeb35c1d1eabe30ed7289eb9a17fa35043daccc
389-ds-base-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: de7dd099e541003f67770cda5820f91132b393152d2bbb7cbd7518185f0b5de5
389-ds-base-debugsource-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: 28ebbdb4218035c6fd4509f205054b5b3c089a43ed895d6574a22fa36751531f
389-ds-base-devel-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: 0841ddcc3786021b9c059d8f1e849311ff8d796c17c0eb4b0a697060eed33b4f
389-ds-base-legacy-tools-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: ae17470acbea743db6c3919a664dc3d41e5357d1559dc22bb03bd58e186a9761
389-ds-base-legacy-tools-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: c8fbedab3b91f9091b19f8c8dedf40306a6aa4d7dd24ee2a865051acfd525841
389-ds-base-libs-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: f07498785d129e8a76edc36295d7e259881cb9746b8fddf9202e37445ed40836
389-ds-base-libs-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: d053273aa91801f8759b30b7b2f823de6d7e0178a7b8e85f08baa748af19d599
389-ds-base-snmp-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: c50fafb2b055325632e574a03cc4a2efec0e8f0eeff1614fb7c46ffae39d11ac
389-ds-base-snmp-debuginfo-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.x86_64.rpm	SHA-256: 56627b4b27c0b960955cc5709f8e5abba1a69c3a3d37c441224d4a567f2bdc13
cockpit-389-ds-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm	SHA-256: a08a0546e991c1a77a356736e5610bee2da2f1f262bde2f6f0b755a653b4329f
python3-lib389-1.4.3.22-4.module+el8dsrv+13893+84b6c18c.noarch.rpm	SHA-256: c49779a358195cece3773d81886441fafb4bfeb62d13fe70a0a04ecc31d8df44

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation