Red Hat Product Errata RHSA-2024:3047 - Security Advisory
Issued:
2024-05-22
Updated:
2024-05-22

RHSA-2024:3047 - Security Advisory

Synopsis

Moderate: 389-ds:1.4 security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

  • 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2261879 - CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
  • RHEL-19028 - Rebase 389-ds-base in RHEL 8.10
  • RHEL-19240 - [RFE] Add PROXY protocol support to 389-ds-base via confiuration item - similar to Postfix [rhel-8.10.0]
  • RHEL-5143 - SELinux labeling for dirsrv files seen during ipa install/uninstall should be moved to DEBUG.
  • RHEL-5107 - bdb_start - Detected Disorderly Shutdown directory server is not starting [rhel-8.10.0]
  • RHEL-16338 - ns-slapd crash in slapi_attr_basetype [rhel-8.10.0]
  • RHEL-14025 - After an upgrade the LDAP server won't start if nsslapd-conntablesize is present in the dse.ldif file. [rhel-8.10.0]
  • RHEL-5135 - crash in sync_update_persist_op() of content sync plugin [rhel-8.10.0]

Red Hat Enterprise Linux for x86_64 8

SRPM
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.src.rpm SHA-256: 808bd8f135e3802350dd55aefbb2ea49435415ae7b74d64c637c04f696af879c
x86_64
python3-lib389-1.4.3.39-3.module+el8.10.0+21535+f663b039.noarch.rpm SHA-256: 5c9d699d200e983fbb216e273a2bd726c20c9245a22ff9dbab4e9b09f6d3ff1d
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: bdecf6c199ba69e5b3edd0fd1fb7d551b5fc66e3b98132154b0e4cc78b2996dc
389-ds-base-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: 56d3bf646851952844bc3189f881b6d03cf283cc2c9bab54b088432c02ba516b
389-ds-base-debugsource-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: 4fd656ec9f6a349bc94c67e9ffb01e7d50666820c7dcf913956fa75d0324c9d3
389-ds-base-devel-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: d3348ce6b749ff6dd177c485d18c8113a5f202e53f6180c59d1f434bcab34993
389-ds-base-legacy-tools-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: de59be06725b6a7b7cef0f49b54baf9303d84db7ebed3ed03844d9aa6cd26c53
389-ds-base-legacy-tools-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: 8e526b7b0a19a6162991cc73fe4bcf2798f7a38f0fa3f60a96a40f5f293192cc
389-ds-base-libs-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: ab9e961f570746297612e55e4dfea83a3c1c31f7a55b07ca43785baf3e57144e
389-ds-base-libs-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: ce2c6badc5e99a8afcd1d1dfa49cb9e54d8b8bea6a079f608bcf276054dcfcfb
389-ds-base-snmp-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: b07689de56dbeafdf26b10a284f7d1d8319c5bdf237b0ecbb8c7bd2ce6b4cb69
389-ds-base-snmp-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.x86_64.rpm SHA-256: 9f2d7a402e68ff0a4ae48438873ac4d20ffcf9fa000e0062c1674104166b8564

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.src.rpm SHA-256: 808bd8f135e3802350dd55aefbb2ea49435415ae7b74d64c637c04f696af879c
s390x
python3-lib389-1.4.3.39-3.module+el8.10.0+21535+f663b039.noarch.rpm SHA-256: 5c9d699d200e983fbb216e273a2bd726c20c9245a22ff9dbab4e9b09f6d3ff1d
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: 6b8075599ded6a0dabd6e8027d9838618624444144240de5a2e6cdf627f5be07
389-ds-base-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: e511a880373b0abdeffe1ba3faf443c28381371c5bc1316f8fad8918036dc6dc
389-ds-base-debugsource-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: d0ccca03f6378591062ed76554a1ec238892696f7cdf896129fba1340ab93241
389-ds-base-devel-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: 8ed743d79736f14e617cfb8e7a4520e30d8cea615f0b36762d037e9e128aec70
389-ds-base-legacy-tools-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: 8fbf0ee404b47e1aba5269cb57d39cdcffad9e3fec580882a864333a1cdb4dae
389-ds-base-legacy-tools-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: a0360ea8c1dfb65eb7a748bbd33e6ef1212fbee7265bd86c39486d3a97e488fe
389-ds-base-libs-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: 2e0c44392b9719bcdb40a7d1e0b1a08a4335321542bb101a8b16210fe7f3792a
389-ds-base-libs-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: 5480ec11e174871ead3ffd3864eafb25f041141e4f0899cd8b3d54ffea5c6933
389-ds-base-snmp-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: bbc08cf0ed2a2c64f95ab3591f06ccfb7af949d8c2d2583516b7cf3cdb991879
389-ds-base-snmp-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.s390x.rpm SHA-256: b446c2b1348b1cc20de00b1fedcf25bef8369bec81d21c51cdc82e41aa4ac62a

Red Hat Enterprise Linux for Power, little endian 8

SRPM
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.src.rpm SHA-256: 808bd8f135e3802350dd55aefbb2ea49435415ae7b74d64c637c04f696af879c
ppc64le
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 5166f8a595ce7d1e5acb3b9313193b387eaabe7d3922148a595adcd6ae52fbec
389-ds-base-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: b921477354d31314f54b3596baab4457e425eb90b25c8ddd4d17603b2b59734b
389-ds-base-debugsource-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: c89229fb61a049de45152ea876d3c9225601bc5ea923722a0db5fb4a33b9d72d
389-ds-base-devel-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 0016136596f04788aa8834defc34e12a1ef04fd4daeff67bf7dc464ece6e0bad
389-ds-base-legacy-tools-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 2f99399463b5fd4bb506a7a270cf5b013603e8eeb7b105d97879ea3a7953ca62
389-ds-base-legacy-tools-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 93a00a734b9531e9a12bcdea829711a0fa7609cf5261b404aa74d8f047322151
389-ds-base-libs-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 346d58ad2fc478c37ff258b6d970838083657ef9459850034093f914cb83b461
389-ds-base-libs-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: a50ed03ccd0253c2c12ea9beaf2b6f443f0675fb3c095247fbc9201e3aa75b79
389-ds-base-snmp-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: f5038f134053f584dae75ac4e42f80867eed43215c6e8090f5892c6815765bb3
389-ds-base-snmp-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.ppc64le.rpm SHA-256: 3a1fc9984aa4a43ac4679f5621511b7e6dbad697d796c763f699aa1c2df4107e
python3-lib389-1.4.3.39-3.module+el8.10.0+21535+f663b039.noarch.rpm SHA-256: 5c9d699d200e983fbb216e273a2bd726c20c9245a22ff9dbab4e9b09f6d3ff1d

Red Hat Enterprise Linux for ARM 64 8

SRPM
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.src.rpm SHA-256: 808bd8f135e3802350dd55aefbb2ea49435415ae7b74d64c637c04f696af879c
aarch64
python3-lib389-1.4.3.39-3.module+el8.10.0+21535+f663b039.noarch.rpm SHA-256: 5c9d699d200e983fbb216e273a2bd726c20c9245a22ff9dbab4e9b09f6d3ff1d
389-ds-base-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 579c655952b76c6e108fe51a2ffbb83774cd723bdfa016a8fe80390605053206
389-ds-base-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: db9e40b8c618199256a96b6a1a7ccc71f2a7f7017c79099f4ab4f33b048b6a01
389-ds-base-debugsource-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 58cec3776ac3b10fe746727765dc906a841dbf76aa90ea00e9ed6c3c6aa87e10
389-ds-base-devel-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 88385ba03e172c019aaa6aab265dd9c8085e3b6f27d4016415c866566b60de3a
389-ds-base-legacy-tools-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 2d4a0e36e7de14b01463e82f9eb13c077fd9bc5ca21a6693b1193abefdd882c0
389-ds-base-legacy-tools-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: e95215f3a2789a6f69ecae141f8d2c29499ae57c033c68a6c4869a11612b11eb
389-ds-base-libs-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 963a52442c9d1220e68527508cf5d3fb3d5b2ee661fa9cbcdde726cd1c8a83ed
389-ds-base-libs-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 8c3636b944437b7e600f9792357315feb3cf42a968bedc3af9a6a513629da6a8
389-ds-base-snmp-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 5e528283bc8074ac2e2c9c5ce4027e44066099dc2a6ac1883cebeb184c3f2911
389-ds-base-snmp-debuginfo-1.4.3.39-3.module+el8.10.0+21535+f663b039.aarch64.rpm SHA-256: 514dab3ae97aec207c3a776faff69a0bcd49bc59c32390e678147351bff6a4cb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.