Security: Insufficient privilege check in 389-ds-base

Name: Insufficient privilege check in 389-ds-base
ID: FEDORA-2014-3936
Distribution: Fedora
Platforms: Fedora 19
Date: Sun, 16 March 2014, 12:44
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132
Applications: 389 Directory Server
Original message
Name        : 389-ds-base
Product     : Fedora 19
Version     : 1.3.1.22
Release     : 1.fc19
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description : 389 Directory Server is an LDAPv3 compliant server. The base
package includes the LDAP server and command line utilities for server
administration.
-------------------------------------------------------------------------------
Update Information:

An important security bug was fixed.
-------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.22-1
- Release 1.3.1.22 (This release is 1.3.1.19 + Ticket 47739)
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
* Thu Mar 13 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.21-1
- bump version to 1.3.1.21
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47740 - Coverity issue in 1.3.3
- Ticket 47740 - Fix coverity issues - Part 5
- Ticket 47740 - Fix coverity errors - Part 4
- Ticket 47640 - Fix coverity issues - part 3
- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options
- Ticket 47740 - Coverity Fixes (Mark - part 1)
- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64
- Ticket 47722 - Fixed filter not correctly identified
- Ticket 47722 - rsearch filter error on any search filter
* Mon Mar 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.20-1
- bump version to 1.3.1.20
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.19-1
- bump version to 1.3.1.19
- Ticket 408 - create a normalized dn cache
- Ticket 571 - Empty control list causes LDAP protocol error is thrown (dup 47361)
- Ticket 408 - create a normalized dn cache
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47709 - package issue in 389-ds-base
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 47642 - Windows Sync group issues
- Ticket 47704 - invalid sizelimits in aci group evaluation
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
* Thu Feb 20 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.18-2
- Added arch aware python dir; moved libns-dshttpd.so* to devel and libs package.
* Wed Feb 5 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.18-1
- the 1.3.1.18 release
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47649 - Server hangs in cos_cache when adding a user entry
- Ticket 443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 342 - better error message when cache overflows
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47620 - Unable to delete protocol timeout attribute
- Ticket 408 - Fix crash when disabling/enabling the setting
- Ticket 47660 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read
* Wed Jan 8 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.17-1
- the 1.3.1.17 release
- Ticket 342 - better error message when cache overflows (phase 2)
- Ticket 447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Ticket 571 (dup 47361) - Empty control list causes LDAP protocol error is thrown
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47592 - automember plugin task memory leaks
- Ticket 47596 - attrcrypt fails to find unlocked key
- Ticket 47599 - fix memory leak
- Ticket 47606 - replica init/bulk import errors should be more verbose
- Ticket 47611 - Add script to build patched RPMs
- Ticket 47611 - Add make rpms build target
- Ticket 47613 - Issues setting allowed mechanisms
- Ticket 47613 - Impossible to configure nsslapd-allowed-sasl-mechanisms
- Ticket 47614 - Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms
- Ticket 47620 - Fix missing left bracket
- Ticket 47620 - Fix dereferenced NULL pointer in agmtlist_modify_callback()
- Ticket 47620 - Fix logically dead code.
- Ticket 47620 - Config value validation improvement
- Ticket 47620 - Fix cherry-pick error for 1.3.2 and 1.3.1
- Ticket 47620 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute
- Ticket 47622 - Automember betxnpreoperation - transaction not aborted when group entry does not exist
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47627 - Fix replication logging
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
* Fri Nov 22 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.16-1
- Ticket 47599 - Reduce lock scope in retro changelog plug-in - Forgot to add definition of retrocl_cn_lock
* Thu Nov 21 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.15-1
- Ticket #47605 CVE-2013-4485: DoS due to improper handling of ger attr searche
- Ticket 47599 - Reduce lock scope in retro changelog plug-in
- Ticket #47596 attrcrypt fails to find unlocked key
- Ticket 47598 - Convert ldbm_back_seq code to be transaction aware
- Ticket 47597 - Convert retro changelog plug-in to betxn
- Revert "Ticket #47559 hung server - related to sasl and initialize"
- Ticket #47585 Replication Failures related to skipped entries due to cleaned rids
* Fri Nov 8 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.14-1
- the 1.3.1.14 release - several bug fixes
- Ticket 47589 - Winsync replica initialization and incremental updates from DS to AD fails on RHEL7
- Ticket 47588 - Compiler warnings building on F19
- Coverity (Part 7) + Jenkins fix
* Wed Nov 6 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.13-1
- the 1.3.1.13 release - several bug fixes
- Ticket 47379 - DNA plugin failed to fetch replication agreement
- Ticket 47379 - DNA plugin failed to fetch replication agreement
- Ticket 47581 - Winsync plugin segfault during incremental backoff (phase 2)
- Ticket 47581 - Winsync plugin segfault during incremental backoff
- Ticket 47577 - crash when removing entries from cache
- Ticket 47560 - fixup memberof task does not work: task entry not added
- Ticket 47559 - hung server - related to sasl and initialize
- ticket 47550 - wip (cherry picked from commit 82377636267787be5182457d619d5a0b662d2658) (cherry picked from commit 181fde98aee96868189bc5557c5f33fefa026952)
- Coverity Fixes
- Ticket 47329 - Improve slapi_back_transaction_begin() return code when transactions are not available
- Ticket 47550 - logconv: failed logins: Use of uninitialized value in numeric comparison at logconv.pl line 949
* Thu Oct 10 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.12-1
- release 1.3.1.12
- Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/loc
- Ticket 47551 - logconv: -V does not produce unindexed search report
- Ticket 53 - Need to update supported locales
- Ticket 47517 - memory leak in range searches and other various leaks
- Ticket 53 - Need to update supported locales Cleaning up typos and format.
- Ticket 53 - Need to update supported locales
- Ticket 47522 - Password administrators should be able to violate password policy
- Ticket 54 - locale "nl" not supported by collation plugin
- Ticket 47543 - Mozldap - fix compiler warnings
- Coverity fixes - 12023, 12024, and 12025
- Ticket 47533 - logconv: some stats do not work across server restarts
- Ticket 47501 - logconv.pl uses /var/tmp for BDB temp files
- Ticket 47520 - Fix various issues with logconv.pl
- Ticket 47387 - improve logconv.pl performance with large access logs
- Ticket 47387 - improve logconv.pl performance with large access logs
- Ticket 47354 - Indexed search are logged with 'notes=U' in the access logs
* Mon Sep 30 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.11-1
- Ticket 47513 - Set localrundir outside of the "with-fhs" block
- Ticket 47513 - Refine the check for @localrundir@
- Ticket 47510 - remove unnecessary typedef
- Ticket 47510 - Repl Sync does not compile against MozLDAP libraries
* Fri Sep 27 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.10-1
- Ticket #47534 - RUV tombstone search with scope "one" doesn't work
- Ticket 47510 - 389-ds-base does not compile against MozLDAP libraries
- Ticket #47523 - Set up replication/agreement before initializing the sub suffix, the sub suffix is not found by ldapsearch
- Ticket 47528 - 389-ds-base built with mozldap can crash from invalid free
- Ticket #47504 idlistscanlimit per index/type/value
- Ticket 47513 - tmpfiles.d references /var/lock when they should reference /run/lock
- Ticket #47492 - PassSync removes User must change password flag on the Windows side
- Ticket 47509 - CLEANALLRUV doesn't run across all replicas
- Ticket #47516 replication stops with excessive clock skew
- 6829200 Coverity fix - 11952 - for Ticket 47512
- Ticket 47512 - backend txn plugin fixup tasks should be done in a txn
* Fri Sep 13 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.9-1
- release 1.3.1.9
- Ticket 449 - Allow macro aci keywords to be case-insensitive
- Ticket 47489 - Under specific values of nsDS5ReplicaName, replication may get broken or updates missing
- Ticket 47507 - automember rebuild task not working as expected
* Fri Sep 6 2013 Rich Megginson <rmeggins@redhat.com> - 1.3.1.8-1
- Ticket #47455 - valgrind - value mem leaks, uninit mem usage - fix breakage in slapi-nis introduced with the previous fix
- Ticket 47500 - start-dirsrv/restart-dirsrv/stop-disrv do not register with systemd correctly
* Wed Aug 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.7-1
- bump version to 1.3.1.7
- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN
- Ticket 47488 - Users from AD sub OU does not sync to IPA
- Ticket 47461 - logconv.pl - Use of comma-less variable list is deprecated
- Ticket 47473 - setup-ds.pl doesn't lookup the "root" group correctly
* Thu Aug 1 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.6-1
- bump version to 1.3.1.6
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- fix coverity 11895 - null deref - caused by fix to ticket 47392
- fix compiler warning in posix winsync code for posix_group_del_memberuid_callback
- Fix compiler warnings for Ticket 47395 and 47397
- fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107)
- Ticket 47450 - Fix compiler formatting warning errors for 32/64 bit arch
- fix compiler warnings
- Fix compiler warning (cherry picked from commit ec6ebc0b0f085a82041d993ab2450a3922ef5502)
* Wed Jul 31 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.5-1
- bump version to 1.3.1.5
- Ticket 47456 - delete present values should append values to deleted values
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- Ticket 47448 - Segfault in 389-ds-base-1.3.1.4-1.fc19 when setting up FreeIPA replication
- Ticket 47440 - Fix runtime errors caused by last patch.
- Ticket 47440 - Fix compilation warnings and header files
- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios
- Ticket 47447 - logconv.pl man page missing -m,-M,-B,-D
- Ticket 47378 - fix recent compiler warnings
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47449 - deadlock after adding and deleting entries
- Ticket 47441 - Disk Monitoring not checking filesystem with logs
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
* Fri Jul 19 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.4-1
- bump version to 1.3.1.4
- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative.
- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47421 - memory leaks in set_krb5_creds
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
- Ticket 47385 - Disk Monitoring is not triggered as expected.
- Ticket 47410 - changelog db deadlocks with DNA and replication
* Wed Jul 3 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.1.3-1
- bump version to 1.3.1.3
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix)
- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization
- Ticket 47395 47397 - v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured
- Ticket 47396 - crash on modrdn of tombstone
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47409 - allow setting db deadlock rejection policy
- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods
- Ticket 47420 - An upgrade script 80upgradednformat.pl fails to handle a server instance name including '-'
-------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076117 - CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1076117
-------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use

  su -c 'yum update 389-ds-base'

at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
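As an added example (not part of the Fedora announcement or of the 389-ds project), a POSIX shell check that tells whether the 389-ds-base build installed on a Fedora 19 host predates the fixed 1.3.1.22-1.fc19 named in the header above. It assumes GNU or BusyBox `sort -V` and, for the live query only, that `rpm` is present.

```shell
# Added example, not from the Fedora announcement: is the installed
# 389-ds-base older than the build that carries the CVE-2014-0132 fix?
FIXED_VR="1.3.1.22-1.fc19"   # Version-Release from the advisory header

# ds_needs_update VERSION-RELEASE
# Prints "vulnerable" (status 0) when the given build is older than
# $FIXED_VR, "fixed" (status 1) otherwise. Assumes sort -V, which orders
# dotted versions numerically, so 1.3.1.9 sorts before 1.3.1.22.
ds_needs_update() {
    installed="$1"
    lowest=$(printf '%s\n%s\n' "$installed" "$FIXED_VR" | sort -V | head -n 1)
    if [ "$installed" != "$FIXED_VR" ] && [ "$lowest" = "$installed" ]; then
        echo vulnerable
        return 0
    fi
    echo fixed
    return 1
}

# ds_installed_vr
# Prints VERSION-RELEASE of the installed package; fails when rpm is
# unavailable or the package is absent, so the check degrades quietly.
ds_installed_vr() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' 389-ds-base 2>/dev/null
}

# Stand-alone use on a Fedora host: report the state of the live package.
if vr=$(ds_installed_vr); then
    printf '389-ds-base %s: %s\n' "$vr" "$(ds_needs_update "$vr")"
fi
```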
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
-------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce