ALSA-2024:4235

[ALSA-2024:4235] Important: 389-ds security update

Type:

security

Severity:

important

Release date:

2024-07-04

Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request (CVE-2024-3657)
* 389-ds-base: Malformed userPassword may cause crash at do_modify in slapd/modify.c (CVE-2024-2199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	389-ds-base-devel-1.4.3.39-7.module_el8.10.0+3864+d8eec553.aarch64.rpm	1629688ec7b7cfd8036c000efc31cdb7de0bd366d4ce05d4a57eebd40dfcaf5d
aarch64	389-ds-base-libs-1.4.3.39-7.module_el8.10.0+3864+d8eec553.aarch64.rpm	166312ef7063f80fafbf5885856b24541f16928d9726672e465194e4aa7b80c5
aarch64	389-ds-base-1.4.3.39-7.module_el8.10.0+3864+d8eec553.aarch64.rpm	a9cea2ae1748c63d25073cafd2acc7e929363ce96e2ecf48e107be02532c1a2e
aarch64	389-ds-base-snmp-1.4.3.39-7.module_el8.10.0+3864+d8eec553.aarch64.rpm	d99722e3c24a0d54dd3c7888a8740d30aec4b36668d9e2673b6d37e8e344c5d6
aarch64	389-ds-base-legacy-tools-1.4.3.39-7.module_el8.10.0+3864+d8eec553.aarch64.rpm	e4f48c9931457e955142bd491ca7a0094d9bf6c2be6eee690488de8c82a4e5e5
noarch	python3-lib389-1.4.3.39-7.module_el8.10.0+3864+d8eec553.noarch.rpm	b9840f9b99c2a6245d14c67493bdd173efbfc6a894d2c0c1218fe54c1bb82de3
ppc64le	389-ds-base-libs-1.4.3.39-7.module_el8.10.0+3864+d8eec553.ppc64le.rpm	06bd44909a479e7a68838af78c82cbb523ee6051303604a46be7fa7add8ac223
ppc64le	389-ds-base-devel-1.4.3.39-7.module_el8.10.0+3864+d8eec553.ppc64le.rpm	124ac1acf97d1ac115bc45e9ef5686ed98d2645903f00638dc8b50e24d4f0fb4
ppc64le	389-ds-base-snmp-1.4.3.39-7.module_el8.10.0+3864+d8eec553.ppc64le.rpm	76db1ee4b17f819a22fdb3bee9b2d0fd203352c8b64b728ce5a6fc63429fbfaf
ppc64le	389-ds-base-legacy-tools-1.4.3.39-7.module_el8.10.0+3864+d8eec553.ppc64le.rpm	f8538834340e92099a5e4eb72c3d3efea93b64475ff3c15c39fac5d88150aa02
ppc64le	389-ds-base-1.4.3.39-7.module_el8.10.0+3864+d8eec553.ppc64le.rpm	f95934176159e581b955df46add1a031999fd089c3aa18c18eb39bc0ae46f924
s390x	389-ds-base-libs-1.4.3.39-7.module_el8.10.0+3864+d8eec553.s390x.rpm	0dad4d797537ba64d22bf3a79a6dbd02ec08ae4bf44ee9240dd92e4085d1dc90
s390x	389-ds-base-snmp-1.4.3.39-7.module_el8.10.0+3864+d8eec553.s390x.rpm	26ae4f4286e59961e8cf6b1fff11d886b0d064c358f0fe93aaea8c9b34849923
s390x	389-ds-base-legacy-tools-1.4.3.39-7.module_el8.10.0+3864+d8eec553.s390x.rpm	5687ac634c0ff91ed986ca0fb6404f2c31e6f818068a0922283a0dbeb64c19c0
s390x	389-ds-base-1.4.3.39-7.module_el8.10.0+3864+d8eec553.s390x.rpm	a98ca27399834914a4e01cefb9892c8d892cdf7bfce1e4bf64e4253d91dc71d1
s390x	389-ds-base-devel-1.4.3.39-7.module_el8.10.0+3864+d8eec553.s390x.rpm	ec757676289fc8d135e7dcc296cf4fd6e372309f63288cc6d349ff07bbef7bbb
x86_64	389-ds-base-snmp-1.4.3.39-7.module_el8.10.0+3864+d8eec553.x86_64.rpm	415d497de619e707155431ef757c9c68926965785f64942fcabcc3dad45cdf86
x86_64	389-ds-base-1.4.3.39-7.module_el8.10.0+3864+d8eec553.x86_64.rpm	709da8614bc6a5c44149f50c4f724c4302be0a3502839a56f46fa917228d1e29
x86_64	389-ds-base-legacy-tools-1.4.3.39-7.module_el8.10.0+3864+d8eec553.x86_64.rpm	abc50701a52fa71513ad9d89fbd08217fde8385f824ea86f830460a2fdaf2635
x86_64	389-ds-base-libs-1.4.3.39-7.module_el8.10.0+3864+d8eec553.x86_64.rpm	bc8079e8bebaaa4eaaea35b1040df68fa8c99c95e914d3effd03619f09ea320f
x86_64	389-ds-base-devel-1.4.3.39-7.module_el8.10.0+3864+d8eec553.x86_64.rpm	d86a3e923dc21032c8c5fdb9a4955f711ef028db953d073913af3d450bdc1d4b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.