- Issued: 2024-06-25
- Updated: 2024-06-25
RHSA-2024:4092 - Security Advisory
Synopsis
Important: redhat-ds:12 security, bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.
Security Fix(es):
- 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657) (2267976)
- 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199) (2274401)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- One level scoped search now returns a subsuffix correctly (BZ#2292903)
- Improved performance of filter component evaluation when tested against a large value set, such as group members (BZ#2293001)
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
Affected Products
- Red Hat Directory Server 12 x86_64
- Red Hat Directory Server - Extended Update Support 12 for RHEL 9.4 x86_64
Fixes
- BZ - 2267976 - CVE-2024-2199 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
- BZ - 2274401 - CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
- BZ - 2292903 - subsuffix are not returned in one level scoped search
- BZ - 2293001 - Improve the performance of evaluation of filter component when tested against a large valueset (like group members) [dirsrv-12.4.z]
Red Hat Directory Server 12
SRPM | |
---|---|
389-ds-base-2.4.5-4.module+el9dsrv+21964+c7e95493.src.rpm | SHA-256: 782744e71cfa2be30538e5437f69d0918cd8926648903485c705b231b5cc167d |
x86_64 | |
389-ds-base-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: d8433bfc52f5fe29355a6f635270d56faf05641812977c89ce4871a027e3e0c3 |
389-ds-base-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: b2175d0104a8a42251bc3e945a13d9ad71f39fa728dea5d43c3a471cce702a3c |
389-ds-base-debugsource-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 880db24cabab29f19b62ce2ffb60b19795ef0acd48f2e19365ceed25c48f1873 |
389-ds-base-devel-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 5be83639aa6b3e45ed394382ae0ec038c2d948c99fcc63003e64e0962542dfec |
389-ds-base-libs-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 6307daca667fb8577adce4ecd168767307d61f1aae1a8c2fc35c74fe9e5b408b |
389-ds-base-libs-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 6568583c66552f12b1eb27c3a820ee2a3700c1a5f37656f71b330d4ab2593601 |
389-ds-base-snmp-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 7a792429d7e33b021d9b10f2dac4ae3dab84dfccb099483934e2421742539ef2 |
389-ds-base-snmp-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 09cc35146fbf803d92dabc97434c82af720142b243468d7c9d8d00641329cdc1 |
cockpit-389-ds-2.4.5-4.module+el9dsrv+21964+c7e95493.noarch.rpm | SHA-256: b5112c9b6a686a03e111fa9fd2e2269abfa773920c08230dc47ac78aac9dcbe8 |
python3-lib389-2.4.5-4.module+el9dsrv+21964+c7e95493.noarch.rpm | SHA-256: 2d62ac4d5e507fc2ceafbec0e59f93974c697c92bf730dcb17c0c6b892919a84 |
Red Hat Directory Server - Extended Update Support 12 for RHEL 9.4
SRPM | |
---|---|
389-ds-base-2.4.5-4.module+el9dsrv+21964+c7e95493.src.rpm | SHA-256: 782744e71cfa2be30538e5437f69d0918cd8926648903485c705b231b5cc167d |
x86_64 | |
389-ds-base-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: d8433bfc52f5fe29355a6f635270d56faf05641812977c89ce4871a027e3e0c3 |
389-ds-base-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: b2175d0104a8a42251bc3e945a13d9ad71f39fa728dea5d43c3a471cce702a3c |
389-ds-base-debugsource-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 880db24cabab29f19b62ce2ffb60b19795ef0acd48f2e19365ceed25c48f1873 |
389-ds-base-devel-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 5be83639aa6b3e45ed394382ae0ec038c2d948c99fcc63003e64e0962542dfec |
389-ds-base-libs-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 6307daca667fb8577adce4ecd168767307d61f1aae1a8c2fc35c74fe9e5b408b |
389-ds-base-libs-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 6568583c66552f12b1eb27c3a820ee2a3700c1a5f37656f71b330d4ab2593601 |
389-ds-base-snmp-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 7a792429d7e33b021d9b10f2dac4ae3dab84dfccb099483934e2421742539ef2 |
389-ds-base-snmp-debuginfo-2.4.5-4.module+el9dsrv+21964+c7e95493.x86_64.rpm | SHA-256: 09cc35146fbf803d92dabc97434c82af720142b243468d7c9d8d00641329cdc1 |
cockpit-389-ds-2.4.5-4.module+el9dsrv+21964+c7e95493.noarch.rpm | SHA-256: b5112c9b6a686a03e111fa9fd2e2269abfa773920c08230dc47ac78aac9dcbe8 |
python3-lib389-2.4.5-4.module+el9dsrv+21964+c7e95493.noarch.rpm | SHA-256: 2d62ac4d5e507fc2ceafbec0e59f93974c697c92bf730dcb17c0c6b892919a84 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.