Security: Insufficient privilege check in 389-ds-base
Name: Insufficient privilege check in 389-ds-base
ID: FEDORA-2014-3904
Distribution: Fedora
Platforms: Fedora 20
Date: Sun, 16 March 2014, 12:44
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0132
Applications: 389 Directory Server

Original message
Name        : 389-ds-base
Product     : Fedora 20
Version     : 1.3.2.16
Release     : 1.fc20
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

An important security bug was fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 14 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.16-1
- Release 1.3.2.16 (This release is 1.3.2.13 + Ticket 47739)
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind

* Thu Mar 13 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.15-1
- Bump version to 1.3.2.15
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47740 - Coverity issue in 1.3.3
- Ticket 47740 - Fix coverity issues - Part 5
- Ticket 47740 - Fix coverity errors - Part 4
- Ticket 47640 - Fix coverity issues - part 3
- Ticket 47740 - Fix sync plugin resource leaks
- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options
- Ticket 47740 - Coverity Fixes (Mark - part 1)
- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64
- Ticket 47722 - Fixed filter not correctly identified
- Ticket 47722 - rsearch filter error on any search filter

* Mon Mar 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.14-1
- Bump version to 1.3.2.14
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default

* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.13-1
- Bump version to 1.3.2.13
- The previous version 1.3.2.12 missed to increment the version in VERSION.sh

* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.12-1
- Bump version to 1.3.2.12
- Ticket 408 - create a normalized dn cache
- Ticket 571 - Empty control list causes LDAP protocol error is thrown (dup 47361)
- Ticket 408 - create a normalized dn cache
- Ticket 47699 - Propagate plugin precedence to all registered function types
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47709 - package issue in 389-ds-base
- Ticket 47700 - Unresolved external symbol references break loading of the ACL plugin
- Ticket 47642 - Windows Sync group issues
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47615 - Failed to compile the DS 389 1.3.2.3 version against Berkeley DB 4.2 version
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service

* Thu Feb 20 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.11-2
- Added arch aware python dir; moved libns-dshttpd.so* to devel and libs package.

* Wed Feb 5 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.11-1
- Bump version to 1.3.2.11
- Ticket 47653 - Need a way to allow users to create entries assigned to themselves.
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47649 - Server hangs in cos_cache when adding a user entry
- Ticket 443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 342 - better error message when cache overflows
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47620 - Unable to delete protocol timeout attribute
- Ticket 408 - Fix crash when disabling/enabling the setting
- Ticket 47629 - random crashes related to sync repl
- Ticket 47571 - targetattr ACIs ignore subtype
- Ticket 47660 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid read
- Revert "Ticket 47653 - Need a way to allow users to create entries assigned to themselves"

* Wed Jan 8 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.10-1
- Bump version to 1.3.2.10
- Ticket 447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Ticket 47653 - Need a way to allow users to create entries assigned to themselves
- Ticket 47647 - remove bogus definition in 60rfc3712.ldif
- Ticket 47634 - support AttributeTypeDescription USAGE userApplications distributedOperation dSAOperation
- Ticket 47645 - reset stack, op fields to NULL - clean up stacks at shutdown - free unused plugin config entries

* Tue Dec 17 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.9-1
- Bump version to 1.3.2.9
- Ticket 47621 - v2 make referential integrity configuration more flexible
- Ticket 47620 - Fix missing left bracket
- Ticket 47620 - Fix dereferenced NULL pointer in agmtlist_modify_callback()
- Ticket 47606 - replica init/bulk import errors should be more verbose
- Ticket 47631 - objectclass may, must lists skip rest of objectclass once first is found in sup
- Ticket 47627 - Fix replication logging
- Ticket 47620 - Fix logically dead code.
- Ticket 47313 - Indexed search with filter containing '&' and "!" with attribute subtypes gives wrong result
- Ticket 47620 - Config value validation improvement
- Ticket 47620 - Fix cherry-pick error for 1.3.2 and 1.3.1
- Ticket 47613 - Issues setting allowed mechanisms
- Ticket 47617 - allow configuring changelog trim interval
- Ticket 47601 - Plugin library path validation prevents intentional loading of out-of-tree modules
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47622 - Automember betxnpreoperation - transaction not aborted when group entry does not exist
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47620 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute

* Fri Dec 6 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.8-1
- Bump version to 1.3.2.8
- Ticket 47612 - ns-slapd eats all the memory
- Ticket 47527 - Allow referential integrity suffixes to be configurable
- Ticket 47526 - Allow memberof suffixes to be configurable
- Ticket 342 - better error message when cache overflows (phase 2)
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47611 - Add script to build patched RPMs
- Ticket 47614 - Possible to specify invalid SASL mechanism in nsslapd-allowed-sasl-mechanisms
- Ticket 47613 - Impossible to configure nsslapd-allowed-sasl-mechanisms
- Ticket 47592 - automember plugin task memory leaks
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1076117 - CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1076117
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update 389-ds-base' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce