Red Hat Product Errata RHSA-2024:5690 - Security Advisory
Issued:
2024-08-21
Updated:
2024-08-21

RHSA-2024:5690 - Security Advisory

Synopsis

Important: 389-ds:1.4 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

  • 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062)
  • 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)
  • 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)
  • 389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2261879 - CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
  • BZ - 2267976 - CVE-2024-2199 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
  • BZ - 2274401 - CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
  • BZ - 2292104 - CVE-2024-5953 389-ds-base: Malformed userPassword hash may cause Denial of Service
  • RHEL-50831 - perf search result investigation for many large static groups and members [rhel-8.8.z]

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
x86_64
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 213161b0f9a89f4347490598b411760eb165ee5c91c4130fb8939e9aaa5675d5
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 7341b4b1a88603a5dc6a150e27606e9ad81147be3b00b5f24188ce23f4eac3a9
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 46e8922e2bc4182d09c51f446cdb6ae9b5ffe3d9944b9fa979af38ae00b35b54
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: da81b666b2c11e60df6a8769ba9262f7870ec03e66439b04b35e75fbe6ef31bc
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 3d3f4e197f87f2138d07f344ca905f5efc58124fea36c8b795641365927d1c45
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 56cd321f65fb08cb32e139f253bcf6381d9f4feebb5a15e50123b9122b152d0a
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 9764ce79baf4a593357d6f90d9c12aa3a8b6ca3040643ceedb5db7d586cfe741
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 17696e80df0e52e2c92680513ee68d675663e298a7a8ffeb981d82708bcb8b2e
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 6190fe967e6db632edb7261410cb9445d2ec9dd10b2ba0f347d25f369b1cddc6
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: dc421741bc9048aa0644f9de2038a4d0480deefc6534a9af90d112adb09d87ea
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
s390x
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: e9c13f262f1dd8e08870c1664f3d21a04c35d8a3e158df530025fba1a217110c
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 93a4c034aacfd7fbcf2778d672e25a1ab93e0b692a2eb0086c431e104e83824d
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 3fe031c693974e5ad284c580ceb4a356c6486d6f82988bf821043422030c5350
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: c5df33aecfd8584e317e9a5543b895db9a321bcf8a23211a3087899a1e794808
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 68232ac797a35438038bea31f1e978405ac8cbc9f577699c7a0a82dc3a6289e2
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 2b4434218bfdf1ea0d6520d6b1bbaf405ebe726d8d1608ec4827cb6cc5314141
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 0a74a538e805aa9e94901b8bd84102b28a35afbf88527f82a20fdfb33315845c
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 4ead923426b3e0730ea070709847663aa108921bf95f73a1f3bdddad522d0a39
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 0d13a7edd16c1b2c26849b71b7a7a2d173d6e457486527a2bc31a8939d238227
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.s390x.rpm SHA-256: 177abc997ddf7c5d6db098f01134d0bc5f9fdc47c2b037901eb0b150341d014b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
ppc64le
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: bc1d4c9644882903b55d5642155383fb32cad8bff9397b0823d8105f3437e86c
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 304d23151041a4edf89ba7fb95c0c3d1528825c32365e746761e401efc57ef3a
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: f6831306d995f49dc7c674df7f9fbba83afbea1d34d3bacb34586c22fb406718
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 678eaada1438a09798ae9134f7bb88e6573f737d4d0b244d889c4f6ea9fdcce8
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 13d2982fbe0462519e81a254b17d5697cd2d22e329b989b8245219011c3220a5
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 062ab152bf0ce4fe89bd45eb2de42f03fcd9f941c9abf7e6a24af727ad8b168b
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 27e616a1d95fe939202026f7c561493e978243a5e1a5bb9a37cd4724ca0122b6
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: e9c21bf363e149be6dc32967d329ffcd6112281ef2538d0f70906ef32ba0a207
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: a623135bc903c75ebc1b0123d5db5a24a86fd087a333b3cb8dec00184357a1d3
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: fdc8567dd3b4c34405e738b761e414617794431a8c0b93df548c6d10239442bb

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
x86_64
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 213161b0f9a89f4347490598b411760eb165ee5c91c4130fb8939e9aaa5675d5
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 7341b4b1a88603a5dc6a150e27606e9ad81147be3b00b5f24188ce23f4eac3a9
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 46e8922e2bc4182d09c51f446cdb6ae9b5ffe3d9944b9fa979af38ae00b35b54
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: da81b666b2c11e60df6a8769ba9262f7870ec03e66439b04b35e75fbe6ef31bc
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 3d3f4e197f87f2138d07f344ca905f5efc58124fea36c8b795641365927d1c45
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 56cd321f65fb08cb32e139f253bcf6381d9f4feebb5a15e50123b9122b152d0a
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 9764ce79baf4a593357d6f90d9c12aa3a8b6ca3040643ceedb5db7d586cfe741
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 17696e80df0e52e2c92680513ee68d675663e298a7a8ffeb981d82708bcb8b2e
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 6190fe967e6db632edb7261410cb9445d2ec9dd10b2ba0f347d25f369b1cddc6
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: dc421741bc9048aa0644f9de2038a4d0480deefc6534a9af90d112adb09d87ea
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
aarch64
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: a70107aedbbb0cd3c33cdec8694a60cda73d4a90b8a53a748fe960863903c4ae
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 057596115b9033b2df17c08affc6322baf24b08742d5ad9601e5d2c8799c95cf
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 68a1f6e62b580dfa3d058f769a4abb756a4ed4b00a601a655d144c14dfbb9f31
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 0836c8994cfdf3ad844aa75dbbe86c53a3440a5d8e8c5751143c578b1f955f42
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: f9b0e2772e99079951856dae77e5e63fc1775ed6a75b75071bdaebbe0277e891
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: aa27de5d26208723ffacfe20422a8a503e6a41f48d9463fcd4dbdd93a6c6bea1
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: ac2d71ba455dda0147603cdd0d846d8b0bfca73609a8d71f99f829369967dd2d
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 947188e9b5f965836e4f7944a70c3759ff22952f8e347fa9fc870da15f73549f
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 25ebb01e6bbf7bafec5c3639ff921dd443e0039e5a967b67d926bb9b26161b21
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.aarch64.rpm SHA-256: 7e638edaddcfb8b23c75ccd50fbdafaf602b932aec7bf219c2713857dc762672

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
ppc64le
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: bc1d4c9644882903b55d5642155383fb32cad8bff9397b0823d8105f3437e86c
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 304d23151041a4edf89ba7fb95c0c3d1528825c32365e746761e401efc57ef3a
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: f6831306d995f49dc7c674df7f9fbba83afbea1d34d3bacb34586c22fb406718
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 678eaada1438a09798ae9134f7bb88e6573f737d4d0b244d889c4f6ea9fdcce8
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 13d2982fbe0462519e81a254b17d5697cd2d22e329b989b8245219011c3220a5
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 062ab152bf0ce4fe89bd45eb2de42f03fcd9f941c9abf7e6a24af727ad8b168b
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: 27e616a1d95fe939202026f7c561493e978243a5e1a5bb9a37cd4724ca0122b6
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: e9c21bf363e149be6dc32967d329ffcd6112281ef2538d0f70906ef32ba0a207
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: a623135bc903c75ebc1b0123d5db5a24a86fd087a333b3cb8dec00184357a1d3
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.ppc64le.rpm SHA-256: fdc8567dd3b4c34405e738b761e414617794431a8c0b93df548c6d10239442bb

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.src.rpm SHA-256: 256a304fa11717cafafe7e7c52900c7fbb8dd03a62f61000ddc3aaf7c8d95e41
x86_64
389-ds-base-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 213161b0f9a89f4347490598b411760eb165ee5c91c4130fb8939e9aaa5675d5
389-ds-base-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 7341b4b1a88603a5dc6a150e27606e9ad81147be3b00b5f24188ce23f4eac3a9
389-ds-base-debugsource-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 46e8922e2bc4182d09c51f446cdb6ae9b5ffe3d9944b9fa979af38ae00b35b54
389-ds-base-devel-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: da81b666b2c11e60df6a8769ba9262f7870ec03e66439b04b35e75fbe6ef31bc
389-ds-base-legacy-tools-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 3d3f4e197f87f2138d07f344ca905f5efc58124fea36c8b795641365927d1c45
389-ds-base-legacy-tools-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 56cd321f65fb08cb32e139f253bcf6381d9f4feebb5a15e50123b9122b152d0a
389-ds-base-libs-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 9764ce79baf4a593357d6f90d9c12aa3a8b6ca3040643ceedb5db7d586cfe741
389-ds-base-libs-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 17696e80df0e52e2c92680513ee68d675663e298a7a8ffeb981d82708bcb8b2e
389-ds-base-snmp-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: 6190fe967e6db632edb7261410cb9445d2ec9dd10b2ba0f347d25f369b1cddc6
389-ds-base-snmp-debuginfo-1.4.3.35-5.module+el8.8.0+22193+5f98570a.x86_64.rpm SHA-256: dc421741bc9048aa0644f9de2038a4d0480deefc6534a9af90d112adb09d87ea
python3-lib389-1.4.3.35-5.module+el8.8.0+22193+5f98570a.noarch.rpm SHA-256: 8304bed63079f245a1365dc03093e9d87b99f6836d3254973206a19c85fde020

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.