Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.2716 389-ds:1.4 security and bug fix update 11 August 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: 389-ds:1.4 Publisher: Red Hat Operating System: Red Hat UNIX variants (UNIX, Linux, OSX) Impact/Access: Unauthorised Access -- Unknown/Unspecified Reduced Security -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2021-3652 Original Bulletin: https://access.redhat.com/errata/RHSA-2021:3079 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Low: 389-ds:1.4 security and bug fix update Advisory ID: RHSA-2021:3079-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3079 Issue date: 2021-08-10 Cross references: https://access.redhat.com/security/updates/classification/#low CVE Names: CVE-2021-3652 ===================================================================== 1. Summary: An update for the 389-ds:1.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. Security Fix(es): * 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further reindex (BZ#1983095) * On big endian machine, the server fails to identify the operation type (BZ#1980063) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1980063 - IPA installation fails on s390x with 389-ds-base-1.4.3.8-4.module+el8.3.0+7193+dfd1e8ad.s390x [rhel-8.4.0.z] 1982782 - CVE-2021-3652 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed 1983095 - Internal unindexed searches in syncrepl [rhel-8.4.0.z] 1984091 - persistent search returns entries even when an error is returned by content-sync-plugin [rhel-8.4.0.z] 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.src.rpm aarch64: 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm 389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.aarch64.rpm noarch: python3-lib389-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.noarch.rpm ppc64le: 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm 389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.ppc64le.rpm s390x: 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm 389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.s390x.rpm x86_64: 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-debugsource-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-devel-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-legacy-tools-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-legacy-tools-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-libs-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-libs-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-snmp-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm 389-ds-base-snmp-debuginfo-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3652 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYRKHQ9zjgjWX9erEAQi52Q//Yhzf4kJb92pgQea1OELXs3MSKAsxLSsK wTZeufVhSjUzi5Io7dKdYEi8XtH5JEKIPiXqrcBN8Ry5b42Ppc0nbf6b8TLmJHgB 6jPwiaBQU9FlsIrGla5jIvK/7zwORQCoDKBVtwcOGduEB+kOnj5zuoyyEz0gqjAP Yhab6dzidyh0DWW6PyyQ6+JFU6x9G9oeGg9eqgAfsUHb6K7FmSyheXL8xZkjiN0z dovvj8nb7KFfYx1fXMpBaFzCZHDdondW5PLMXQ5GA3xpTdBBVVRkPVRm+ejQy5qZ b5P7cu+0/U8z8o7dj5p4g71osN+O/mLSFg0qsNuzpXjSD7oEzzB1b2KhEdZQIN4O w5RrfJcdWqnt4OLHcl4GZ9AYjqmH9ZkNUjfc+ARS3LoLDcGTxRq3mBCbNVv6dAVr NpfByZSmK2s1rSS9Dmf7p7zoCo++k2zk6l7fLkl72iu/UOFvwI7DoLuR56WmItd4 05oAV7gvZA+eN/VyglMYt6CM/iw4GBBHUaEHBi1qEawE6yZ1dBy8XR75ePd/z5Pn SeReL/5eOCXr4rQqZQJ7mE+JimcAokzMyHSOBf4AU/iWZhRclbolJV1kWarGyScU mIX3TPkSd8l2s8L0zIBy3NLRYyDEevmj446OgPRD5qpo2DPhJrZkJEXZXltiTgJH 8pexsoaEh0A= =tg33 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYRNnAeNLKJtyKPYoAQi4wxAAmhvyPPsDC0kNykT6u0vk7FEWbGS1efzl tuQpJE1BSjwgQpZDmZ7K90QULkLfrqMfIkOru/a9rtVKBd0PtURIPlv49mHd2C+O k3eU4GDqFs5qbai2/QPjwd1R0dTevi6oxrqMZRDCR9tnWR1h8TdWONQv+0CHq1wA ptNzMXpmZV0H0qSAjw4qpSSTmfK0tqX4+vr6kQ5Wh5XmjcN0Sl931UCBhrdCivRv DoS+9MTgKCMnEdcmhXHfhTj4ge7xcyyLJgHkSBMLp0uxTokB7K8FaH4lSaLC6A4H hUsHaaWuCLDiAEuA2dMabbB5u99eSvRNmLvXazZMlKwLejj6k6ADgE4xH+A+Ki6y kbhOLsMDgOJv5m+cNNEiSH+nxBj6fIK0dWUThC+obJZ02WZ626JtxDmp/5UmzSrE N5lMLqJ/dK8CXsUQVDx/ArkxXX3NzUD0gVqdR111bDzAtoHzYsXnIngkCO4t1ALJ dHTfCZrN9VLecRXy+mdWwGwA1Mk6jDemfP/P71wKiHBJSc1Brv7+NC7TAW/rS5C8 gDOOgKYtofrlj7KW0IMEKu2ckLAqC5/uUY6V6rk0HydJShwWL191Z+BoltkRKNln o6jYFTwaPQpqNRo+47pH+Q7yOn7G/iW+sqpRJyTCXq8USg6Uil03HsqDwcHAEWGo 4cG54vh733E= =rkVZ -----END PGP SIGNATURE-----