Red Hat Product Errata RHSA-2024:4997 - Security Advisory
Issued:
2024-08-05
Updated:
2024-08-05

RHSA-2024:4997 - Security Advisory

Synopsis

Moderate: redhat-ds:12 security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9.4.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fixes:

  • 389-ds-base: Unauthenticated user can trigger a DoS by sending a specific extended search request (CVE-2024-6237) (2294858)
  • 389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953) (DIRSRV-137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Users of Red Hat Directory Server 12 are advised to install these updated packages.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Directory Server 12 x86_64
  • Red Hat Directory Server - Extended Update Support 12 for RHEL 9.6 x86_64
  • Red Hat Directory Server - Extended Update Support 12 for RHEL 9.4 x86_64

Fixes

  • BZ - 2292104 - CVE-2024-5953 389-ds-base: Malformed userPassword hash may cause Denial of Service
  • BZ - 2293579 - CVE-2024-6237 389-ds-base: unauthenticated user can trigger a DoS by sending a specific extended search request

Red Hat Directory Server 12

SRPM
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.src.rpm SHA-256: fe895faacf904c2d2454390cf6b0d23e61b13b9cd2e46bcb8288acb00f9ef82b
x86_64
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 7eec4cda593bb093a04bd6dfa1bec5a203fe9e59b33b2781ea063c4a8bb49ad5
389-ds-base-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 4f7a75e30ade70948aaa6f8fbdcafda20d1f977583ba4aa90be6c11838b36baa
389-ds-base-debugsource-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 82811cc873c53e10b586c15ea526690401c0dc5325ccfbc4bbce3aed0922b4d0
389-ds-base-devel-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: ae028e013ef35fa9820e324a20a8aa658d3fc121dafc0456197fdab36fbed510
389-ds-base-libs-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: b162b7718e85e38176ad8c70b7668eb3aac170dc967bcb0cdbdb18aba5c86dd4
389-ds-base-libs-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: a689a35fb737a34165ea378bb5c7570c2f4ca234912770917fcd1e5fa45ea286
389-ds-base-snmp-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: f95f9c69562f4070120d8a7275a03db813f91fa7d6dce8a8fe8cc395950759c9
389-ds-base-snmp-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 56b15ad55c116bfb8033e876064ffa76f2806ed6fd6adba8a281681c3549f5bb
cockpit-389-ds-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 3f84901899f6adcdcee0043281ade060a198c8dfd9fac4253652a8ebfc2e75f0
python3-lib389-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 51136912b0e38ed54291dcd4eb5351839aa8030f42f58176dff42ccaea81b385

Red Hat Directory Server - Extended Update Support 12 for RHEL 9.6

SRPM
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.src.rpm SHA-256: fe895faacf904c2d2454390cf6b0d23e61b13b9cd2e46bcb8288acb00f9ef82b
x86_64
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 7eec4cda593bb093a04bd6dfa1bec5a203fe9e59b33b2781ea063c4a8bb49ad5
389-ds-base-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 4f7a75e30ade70948aaa6f8fbdcafda20d1f977583ba4aa90be6c11838b36baa
389-ds-base-debugsource-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 82811cc873c53e10b586c15ea526690401c0dc5325ccfbc4bbce3aed0922b4d0
389-ds-base-devel-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: ae028e013ef35fa9820e324a20a8aa658d3fc121dafc0456197fdab36fbed510
389-ds-base-libs-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: b162b7718e85e38176ad8c70b7668eb3aac170dc967bcb0cdbdb18aba5c86dd4
389-ds-base-libs-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: a689a35fb737a34165ea378bb5c7570c2f4ca234912770917fcd1e5fa45ea286
389-ds-base-snmp-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: f95f9c69562f4070120d8a7275a03db813f91fa7d6dce8a8fe8cc395950759c9
389-ds-base-snmp-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 56b15ad55c116bfb8033e876064ffa76f2806ed6fd6adba8a281681c3549f5bb
cockpit-389-ds-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 3f84901899f6adcdcee0043281ade060a198c8dfd9fac4253652a8ebfc2e75f0
python3-lib389-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 51136912b0e38ed54291dcd4eb5351839aa8030f42f58176dff42ccaea81b385

Red Hat Directory Server - Extended Update Support 12 for RHEL 9.4

SRPM
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.src.rpm SHA-256: fe895faacf904c2d2454390cf6b0d23e61b13b9cd2e46bcb8288acb00f9ef82b
x86_64
389-ds-base-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 7eec4cda593bb093a04bd6dfa1bec5a203fe9e59b33b2781ea063c4a8bb49ad5
389-ds-base-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 4f7a75e30ade70948aaa6f8fbdcafda20d1f977583ba4aa90be6c11838b36baa
389-ds-base-debugsource-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 82811cc873c53e10b586c15ea526690401c0dc5325ccfbc4bbce3aed0922b4d0
389-ds-base-devel-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: ae028e013ef35fa9820e324a20a8aa658d3fc121dafc0456197fdab36fbed510
389-ds-base-libs-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: b162b7718e85e38176ad8c70b7668eb3aac170dc967bcb0cdbdb18aba5c86dd4
389-ds-base-libs-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: a689a35fb737a34165ea378bb5c7570c2f4ca234912770917fcd1e5fa45ea286
389-ds-base-snmp-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: f95f9c69562f4070120d8a7275a03db813f91fa7d6dce8a8fe8cc395950759c9
389-ds-base-snmp-debuginfo-2.4.5-7.module+el9dsrv+22137+7a1133f7.x86_64.rpm SHA-256: 56b15ad55c116bfb8033e876064ffa76f2806ed6fd6adba8a281681c3549f5bb
cockpit-389-ds-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 3f84901899f6adcdcee0043281ade060a198c8dfd9fac4253652a8ebfc2e75f0
python3-lib389-2.4.5-7.module+el9dsrv+22137+7a1133f7.noarch.rpm SHA-256: 51136912b0e38ed54291dcd4eb5351839aa8030f42f58176dff42ccaea81b385

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.