Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2024:2910-1 Important: 389-ds Denial of Service Fix

suse
Calendar Grey August 14, 2024
Dist Suse Esm H88
Urgent patch roll-out for 389-ds targets denial of service issues along with several flaws present in SUSE offerings. Take immediate action.
* bsc#1225507 * bsc#1225512 * bsc#1226277 * bsc#1228912

Summary

## This update for 389-ds fixes the following issues: Security issues fixed: * CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512) * CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes (bsc#1226277) * CVE-2024-2199: Fixed a crash caused by malformed userPassword in do_modify() (bsc#1225507) Non-security issues fixed: * crash when user does change password using iso-8859-1 encoding (bsc#1228912) * Update to version 2.2.10: Issue 2324 - Add a CI test (#6289) Issue 6284 - BUG - freelist ordering causes high wtime Issue 5327 - Fix test metadata Issue 5853 - Update Cargo.lock Issue 5962 - Rearrange includes for 32-bit support logic Issue 5973 - Fix fedora cop RawHide builds (#5974) Bump braces from 3.0.2 to 3.0.3 in

Topics%20covered

Topics Covered

security advisory denial of service security issue update important SUSE 389-ds

References

* bsc#1225507

* bsc#1225512

* bsc#1226277

* bsc#1228912

Cross-

* CVE-2024-2199

* CVE-2024-3657

* CVE-2024-5953

CVSS scores:

* CVE-2024-2199 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-3657 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-5953 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6

* Server Applications Module 15-SP6

* SUSE Linux Enterprise Real Time 15 SP6

* SUSE Linux Enterprise Server 15 SP6

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves three vulnerabilities and has one security fix can now be

installed.

##

* https://www.suse.com/security/cve/CVE-2024-2199.html

* https://www.suse.com/security/cve/CVE-2024-3657.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:2910-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service security issue update important SUSE 389-ds

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here