Issued:: 2025-02-18
Updated:: 2025-02-18

RHSA-2025:1632 - Security Advisory

Overview
Updated Packages

Synopsis

Important: redhat-ds:11 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.5 E4S for RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP) server, as well as command-line utilities and Web UI packages for server administration.

Security Fix(es):

389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr) (CVE-2024-1062)
389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)
389-ds-base: Malformed userPassword hash may cause Denial of Service (CVE-2024-5953)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Directory Server - 4 years of updates 11 x86_64

Fixes

BZ - 2261879 - CVE-2024-1062 389-ds-base: a heap overflow leading to denail-of-servce while writing a value larger than 256 chars (in log_entry_attr)
BZ - 2267976 - CVE-2024-2199 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c
BZ - 2274401 - CVE-2024-3657 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
BZ - 2292104 - CVE-2024-5953 389-ds-base: Malformed userPassword hash may cause Denial of Service

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Directory Server - 4 years of updates 11

SRPM
389-ds-base-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.src.rpm	SHA-256: 2613edffe51487e5e959d1571a3a72b6a1d547ad848004b11ac82cd6f8333748
x86_64
389-ds-base-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 1cc1948e82916d982a5539fe9e7cfe3305fb4bcb23ea9ab23b37e6eb69570ffb
389-ds-base-debuginfo-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: aa89c3f6841e4fe075e329dc72a2364ee90d3107032c43621606dc37d390ddef
389-ds-base-debugsource-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 9af797854005c0fc7abf2a2ff4034c6c49d9b8eb035ec5dab30c2aa861b0a396
389-ds-base-devel-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: bad620834ef65231f855d595cfcc62dfdacab3b2238c0f41701a7623b42d8fa6
389-ds-base-legacy-tools-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 6680d5a7dfac0c2b6157b1982fc0751adb6a89a0ed63c87c596e8cf06e21dd94
389-ds-base-legacy-tools-debuginfo-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 0d8b6239f37efa1d67f22e8847bdf6ec7580aa75fbc0841037c0af9a791dd5de
389-ds-base-libs-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: baffc711452037ab152f8865cc5a56824518accf3e120789b4fece25b0f9223a
389-ds-base-libs-debuginfo-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 997d3e4929c24eca44b55190c27329dd97c6e9cde644493eb7df559aaafb6d8c
389-ds-base-snmp-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: 74d9087836ed26e369bff69b9d9b4233639f7163090b96dc508eca70348073aa
389-ds-base-snmp-debuginfo-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.x86_64.rpm	SHA-256: d252c3291c44a40ff6ec5fdbb4814fadee3734f43df8fa80a2d1631a01087afa
cockpit-389-ds-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.noarch.rpm	SHA-256: 69a7033d77ad7d1148bef950d2f692a36108d58354ada4d1b73967156de55225
python3-lib389-1.4.3.34-4.module+el8dsrv+22781+5fe99dde.noarch.rpm	SHA-256: 43fb5cfb86e008c9c00b74caec0480e9f3f10a65b30832e1b3b00304abd4055d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation