Operating System:

[RedHat]

Published:

07 April 2021

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2021.1156 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1156
                  389-ds:1.4 security and bug fix update
                               7 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           389-ds:1.4 module
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35518  

Reference:         ESB-2021.0829
                   ESB-2021.0573

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1086

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: 389-ds:1.4 security and bug fix update
Advisory ID:       RHSA-2021:1086-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1086
Issue date:        2021-04-06
CVE Names:         CVE-2020-35518 
=====================================================================

1. Summary:

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The
base packages include the Lightweight Directory Access Protocol (LDAP)
server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: information disclosure during the binding of a DN
(CVE-2020-35518)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* dscreate would not always set the correct hostname for the self-signed
certificate database (BZ#1912481)

* Indexing a heavily nested database could fail and it would corrupt the
database (BZ#1936461)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1905565 - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN
1908705 - CVE-2020-35518 389-ds:1.4/389-ds-base: information disclosure during the binding of a DN [rhel-8.3.0.z]
1912481 - Server-Cert.crt created using dscreate has Subject:CN =localhost instead of hostname. [rhel-8.3.0.z]
1936461 - A failed re-indexing leaves the database in broken state. [rhel-8.3.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.src.rpm

aarch64:
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.aarch64.rpm

noarch:
python3-lib389-1.4.3.8-7.module+el8.3.0+10310+6e88d919.noarch.rpm

ppc64le:
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.ppc64le.rpm

s390x:
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.s390x.rpm

x86_64:
389-ds-base-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-debugsource-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-devel-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-legacy-tools-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-legacy-tools-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-libs-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-libs-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-snmp-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm
389-ds-base-snmp-debuginfo-1.4.3.8-7.module+el8.3.0+10310+6e88d919.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-35518
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYGxrjtzjgjWX9erEAQiprA/8C9rh7dQfS/1EtUwul9AZF3Yh9ep2T9Ck
suD6B65LRxxaSHVcg8ubkWbRK9tAaFFJbjyDH2vGwGayM5uifAzfZjqOrfh+725V
VsbNMKDEzNPCivVOGIdy2y3s6TiKHhBrZTrus1YkphacULyZLELP3dOm7Hct7pn8
C/oU+H2sZ40BWLZaiIbXWVrSjiN35/64Al+TkkalvnrtcmaCK8EIfRj6dx0sc4gt
0LZrKngClSRlS+MWALTJMEJFpyoNzWifkyhqijTRELBpDIqER6nad7fszmsVp5sT
NvBcsBpvT8dFBq0wLxA2QjY6Oa2ZZUQRrLyRn/TzrJxAjL17KkbFmy92puA1/MLM
AVZaYZlRK20G0UiApy8Yk4Jg2e/8km/2CkiEodm29yYEPW1EChfnHygZQiV62NwV
TLJEUWYvk5FWUFNc+ADA/RYz4ClrqUQrZtBv6F7yR1MlpRxr87GONHsXSCFoNdCI
9YdeV49yaEwHu5rPhNOMYHsZVk95tD/5KUam0dc01ca8Iyb7fjewPdUlOI+0r2hW
wgIcw0Cn9CJ8GKBhp0bsGnnTScr47ovIx+NAHBez0BT7AAF3HI7JU1BfxpitIKjL
NtYMYdwh+3dY5KhdaOa+9Zl49+2UF7mgyYk4DOZAsV84tZvF4oRBAUT1/SNL1Kbg
Ihbo96kCFDk=
=m//p
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYGz46uNLKJtyKPYoAQhZEQ//TePC+R8/ENgQyY54xZHXF0UsANOGYO6x
eEa11xXKNSRjxrGQZyAULuNH99uycHPubr+3l15LLX4R2aOoVzS6NfPlUk5WZTOx
kKAPKeKoyJgOmoUgNXCtxEx+FS25YXCBEHTN58zzwBgLrj0Y044nlHFZ1d5//TzA
+8f14+e25h7jcVL2p+QTFrcQGi3iGCnnJxSDODzlNNy6Uu+99pJhmIywj3smzG8S
vHIjvN6YNqWO0XRT+WnJKSyVKgBNgEOgalJWTqTRrF9UYze9UDQrIzQkRr22PBgT
ujOfEjiYx/PjLazenmq+VGGvpJ4kHLFcKJcAbXOAann/JgqQ5Jb3nGf0BFMv+3Dn
EHAHVleJg8Yi7jHsF19AQpOclmD4o8w7n7C3qbU4srx0Q5iyBS5pTS4wGnu9KdCN
lDMeGANF1+xza3m33o9imP0wc+818anJehub+DZZvqzGPS527Ir4Z6+ACKMzHAxQ
u7gHc56leCQAwFhcDHWz0Oz9VLhu3jyali4HWo6W+qVfGXBWClUqRhX4hiCpVZNp
QTSBcf8oVpnWFWQcFpD3RVpAhfa7D5kx9ffcyS0LLY3rSI6xatMK0zmt++XxiQYD
ij8lqO4lJGQ/Gve1yoGHElfLx+glJOObI/5tTLifTc3LzOAMNiTtlH/AJWG5jfbA
LBjkwQ/mZqk=
=yL4A
-----END PGP SIGNATURE-----