Issued:: 2024-10-01
Updated:: 2025-01-09

RHSA-2024:7434 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: 389-ds-base security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for 389-ds-base is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199) (CVE-2024-8445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

BZ - 2310110 - CVE-2024-8445 389-ds-base: server crash while modifying `userPassword` using malformed input (Incomplete fix for CVE-2024-2199)

CVEs

CVE-2024-8445

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
389-ds-base-1.3.11.1-7.el7_9.src.rpm	SHA-256: ff860bd788d773de4d219e369065b8661810ea685cccbe0e2e7d35f8d6303cab
x86_64
389-ds-base-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: 0675d00055151fa98ee4926f643cdc105ce5d79b80edb343710e60ae7da90468
389-ds-base-debuginfo-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: f11c12fd0bc0b99a6a36c4d2b8d53c8e8b2722a39ea45ecd11f0379e6359da89
389-ds-base-debuginfo-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: f11c12fd0bc0b99a6a36c4d2b8d53c8e8b2722a39ea45ecd11f0379e6359da89
389-ds-base-devel-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: 10d5a88620b5da56752466524922028054adefb76dc74629969712aa9ff904ce
389-ds-base-libs-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: 8007f19c5a3848d26df54b87827679d1d318325c469b64f9efd15f2fce74642a
389-ds-base-snmp-1.3.11.1-7.el7_9.x86_64.rpm	SHA-256: 9e7de336d2e7b1e9561988e49160b527c921383b31086c2626c02ae12f938174

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
389-ds-base-1.3.11.1-7.el7_9.src.rpm	SHA-256: ff860bd788d773de4d219e369065b8661810ea685cccbe0e2e7d35f8d6303cab
s390x
389-ds-base-1.3.11.1-7.el7_9.s390x.rpm	SHA-256: e0ad5e850e57923fe6813f43471cd77bb526dbb073ee2c369420bcdbc2544cff
389-ds-base-debuginfo-1.3.11.1-7.el7_9.s390x.rpm	SHA-256: 4272b0b00f6990ae3e22fb1f797c1024180c2c4c8eb459799928e9371e7874ad
389-ds-base-devel-1.3.11.1-7.el7_9.s390x.rpm	SHA-256: 542cbf8c8a6972c691e4770c53a7eaeab01ee536797062985940ef99ad7c5848
389-ds-base-libs-1.3.11.1-7.el7_9.s390x.rpm	SHA-256: 4c22f4349a2f6e44ed286c927590e6d41d75001d97d60cb390a595ca58fd1dd1
389-ds-base-snmp-1.3.11.1-7.el7_9.s390x.rpm	SHA-256: 8731e85afab392e8bd307fd2856eec14536d58cec42fa1c14ed939883abc33bb

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
389-ds-base-1.3.11.1-7.el7_9.src.rpm	SHA-256: ff860bd788d773de4d219e369065b8661810ea685cccbe0e2e7d35f8d6303cab
ppc64
389-ds-base-1.3.11.1-7.el7_9.ppc64.rpm	SHA-256: 605448c351f1ce0da0f8a3bb158f9acc17dbe610603fea0fe54ca81049ff6fd5
389-ds-base-debuginfo-1.3.11.1-7.el7_9.ppc64.rpm	SHA-256: 53affc5961b9dfb397f3c7c15da9979e3bbde4de7aa8c8584357ce8816bcdb13
389-ds-base-devel-1.3.11.1-7.el7_9.ppc64.rpm	SHA-256: cacc7980d09fb8b53e86097957008ac845a9178d2106e5a6d9479ab7ae9b983d
389-ds-base-libs-1.3.11.1-7.el7_9.ppc64.rpm	SHA-256: 3286b4d9807342bd6a512f185f4a006437da7ab9871280188867cd244d0b81b5
389-ds-base-snmp-1.3.11.1-7.el7_9.ppc64.rpm	SHA-256: 59a3f74b112dda51f279c84b88ebbc52ee4013f94416b3ccf20ebb6979ffcd82

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
389-ds-base-1.3.11.1-7.el7_9.src.rpm	SHA-256: ff860bd788d773de4d219e369065b8661810ea685cccbe0e2e7d35f8d6303cab
ppc64le
389-ds-base-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: daae3d4d7b38e5256b392fef545fbf75245128d9ce6f0c3630e7eff5f0c93402
389-ds-base-debuginfo-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: 7a0798efb691a3b8204c325ce2d735e6aadb5b9bc3b56b2db3dec246aa389676
389-ds-base-debuginfo-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: 7a0798efb691a3b8204c325ce2d735e6aadb5b9bc3b56b2db3dec246aa389676
389-ds-base-devel-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: 0b5ade957f21ed605cce9b2d05e08be29a2a627a183ba2643de82251f142b3ff
389-ds-base-libs-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: 0194b3e48db259558b2cbbc6816b0eb431ad3e978913aa6ecec4f74f679cb0be
389-ds-base-snmp-1.3.11.1-7.el7_9.ppc64le.rpm	SHA-256: 946c35e41e432d027047417cac7f2cd5bc56ffdd8ca723fea750cc9ecd73e5f0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation