Red Hat: 2013:0742-01: 389-ds-base: Low Advisory

    Date: 15 Apr 2013
    Posted By: Joe Shakespeare
    Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact.
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Low: 389-ds-base security and bug fix update
    Advisory ID:       RHSA-2013:0742-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://rhn.redhat.com/errata/RHSA-2013-0742.html
    Issue date:        2013-04-15
    CVE Names:         CVE-2013-1897 
    =====================================================================
    
    1. Summary:
    
    Updated 389-ds-base packages that fix one security issue and several bugs
    are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available from the CVE link in
    the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
    Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
    Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
    Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
    
    3. Description:
    
    The 389 Directory Server is an LDAPv3 compliant server. The base packages
    include the Lightweight Directory Access Protocol (LDAP) server and
    command-line utilities for server administration.
     
    It was found that the 389 Directory Server did not properly restrict access
    to entries when the "nsslapd-allow-anonymous-access" configuration setting
    was set to "rootdse". An anonymous user could connect to the LDAP database
    and, if the search scope is set to BASE, obtain access to information
    outside of the rootDSE. (CVE-2013-1897)
    
    This issue was discovered by Martin Kosek of Red Hat.
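    As an added illustration (not code from the advisory or from 389-ds-base), the following simplified Python model contrasts the flawed decision the advisory describes with the corrected one: under "rootdse", the anonymous-access check must key on whether the target entry is the root DSE (the empty DN), not on the search scope. The cn=config parser, the DN normaliser, the "on" default for an absent attribute and the sample requests are constructed assumptions.

```python
# Simplified model (constructed, not 389-ds-base source) of the decision the
# advisory describes for nsslapd-allow-anonymous-access = on | off | rootdse.
from dataclasses import dataclass

ROOT_DSE_DN = ""  # the root DSE is the entry with the empty DN
SCOPE_BASE, SCOPE_SUB = "base", "sub"

@dataclass(frozen=True)
class SearchRequest:
    anonymous: bool  # connection is unbound or anonymously bound
    base_dn: str
    scope: str

def normalize_dn(dn: str) -> str:
    """Case-fold and strip spaces around RDN separators so DN comparison is stable."""
    return ",".join(p.strip() for p in dn.split(",")).lower().strip()

def anonymous_access_setting(cn_config_ldif: str) -> str:
    """Read nsslapd-allow-anonymous-access from a cn=config LDIF fragment."""
    for line in cn_config_ldif.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "nsslapd-allow-anonymous-access":
            return value.strip().lower()
    return "on"  # assumption: an absent attribute means anonymous access is on

def allowed_before_fix(setting: str, req: SearchRequest) -> bool:
    """Flawed check as the advisory describes it: under "rootdse" any BASE-scope search passed."""
    if not req.anonymous or setting == "on":
        return True
    if setting == "rootdse":
        return req.scope == SCOPE_BASE  # wrong: scope says nothing about the entry
    return False

def allowed_after_fix(setting: str, req: SearchRequest) -> bool:
    """Corrected check: under "rootdse" only the root DSE itself is reachable anonymously."""
    if not req.anonymous or setting == "on":
        return True
    if setting == "rootdse":
        return normalize_dn(req.base_dn) == ROOT_DSE_DN
    return False

def leaking_requests(setting: str, requests: list) -> list:
    """Requests the flawed check admits but the corrected check refuses."""
    return [r for r in requests if allowed_before_fix(setting, r) and not allowed_after_fix(setting, r)]

# Constructed sample config and traffic, not captured from a real server.
SAMPLE_CONFIG = "dn: cn=config\nnsslapd-allow-anonymous-access: rootdse\n"
SAMPLE_REQUESTS = [SearchRequest(True, "", SCOPE_BASE),                                       # root DSE
                   SearchRequest(True, "uid=alice,ou=people,dc=example,dc=com", SCOPE_BASE),  # leaks pre-fix
                   SearchRequest(True, "dc=example,dc=com", SCOPE_SUB)]                       # refused both
```

    Running leaking_requests(anonymous_access_setting(SAMPLE_CONFIG), SAMPLE_REQUESTS) returns only the BASE-scope search against uid=alice, which is exactly the exposure the advisory describes.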
    
    This update also fixes the following bugs:
    
    * Previously, the schema-reload plug-in was not thread-safe. Consequently,
    executing the schema-reload.pl script under heavy load could have caused
    the ns-slapd process to terminate unexpectedly with a segmentation fault.
    Currently, the schema-reload plug-in is re-designed so that it is
    thread-safe, and the schema-reload.pl script can be executed along with
    other LDAP operations. (BZ#929107)
    
    * A local variable was declared in the wrong place and, in some cases, went
    out of scope while still referenced, causing the modrdn operation to
    terminate unexpectedly with a segmentation fault. This update declares the
    local variable at the proper place in the function so that it does not go
    out of scope, and the modrdn operation no longer crashes. (BZ#929111)
    
    * When the "replica-force-cleaning" option was used, the cleanAllRUV task
    built by hand the exact value that should be removed from the
    configuration on completion. Consequently, the task configuration was not
    cleaned up, and every time the server was restarted the task ran again.
    This update searches the configuration for the exact value to delete,
    instead of building the value manually, so the task does not restart when
    the server is restarted. (BZ#929114)
    
    * Previously, a NULL pointer dereference could have occurred when
    attempting to get effective rights on an entry that did not exist, leading
    to an unexpected termination due to a segmentation fault. This update
    checks for NULL entry pointers and returns the appropriate error. Now,
    attempts to get effective rights on an entry that does not exist no longer
    cause crashes, and the server returns the appropriate error message.
    (BZ#929115)
    
    * A problem in the lock timing in the DNA plug-in caused a deadlock if the
    DNA operation was executed with other plug-ins. This update moves the
    release timing of the problematic lock, and the DNA plug-in does not cause
    the deadlock. (BZ#929196)
    
    All 389-ds-base users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. After installing
    this update, the 389 server service will be restarted automatically.
    
    4. Solution:
    
    Before applying this update, make sure all previously-released errata
    relevant to your system have been applied.
    
    This update is available via the Red Hat Network. Details on how to
    use the Red Hat Network to apply this update are available at
    https://access.redhat.com/knowledge/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    928105 - CVE-2013-1897 389-ds: unintended information exposure when rootdse is enabled
    929111 - Crash in MODRDN
    929114 - cleanAllRUV task fails to cleanup config upon completion
    929115 - crash in aci evaluation
    
    6. Package List:
    
    Red Hat Enterprise Linux Desktop Optional (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    i386:
    389-ds-base-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    
    x86_64:
    389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
    
    Red Hat Enterprise Linux HPC Node Optional (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    x86_64:
    389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
    
    Red Hat Enterprise Linux Server (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    i386:
    389-ds-base-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    
    x86_64:
    389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
    
    Red Hat Enterprise Linux Server Optional (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    i386:
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    
    x86_64:
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    i386:
    389-ds-base-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    
    x86_64:
    389-ds-base-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-libs-1.2.11.15-14.el6_4.x86_64.rpm
    
    Red Hat Enterprise Linux Workstation Optional (v. 6):
    
    Source:
    ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/389-ds-base-1.2.11.15-14.el6_4.src.rpm
    
    i386:
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    
    x86_64:
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-debuginfo-1.2.11.15-14.el6_4.x86_64.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.i686.rpm
    389-ds-base-devel-1.2.11.15-14.el6_4.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/#package
    
    7. References:
    
    https://www.redhat.com/security/data/cve/CVE-2013-1897.html
    https://access.redhat.com/security/updates/classification/#low
    
    8. Contact:
    
    The Red Hat security contact is .  More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2013 Red Hat, Inc.
    