Security: Information disclosure in 389-ds-base
Name: Information disclosure in 389-ds-base
ID: FEDORA-2014-9391
Distribution: Fedora
Platforms: Fedora 20
Date: Sun, 17 August 2014, 12:43
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3562
Applications: 389-ds-base

Original message

Name        : 389-ds-base
Product     : Fedora 20
Version     : 1.3.2.22
Release     : 1.fc20
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes
the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

389-ds-base-1.3.2.22 release - a security bug fix
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 12 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.22-1
- Release 1.3.2.21
- Resolves: #1127833
Ticket 47869 - unauthenticated information disclosure (Bug 1123477)
389-ds-base-1.3.2.22 = 389-ds-base-1.3.2.19 + Bug 1127833 fix.
* Thu Aug 7 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.21-1
- Release 1.3.2.21
- Resolves: #1127833
Ticket 47869 - unauthenticated information disclosure (Bug 1123477)
- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the
target entry's DN must be adjusted.
- Ticket 47862 - repl-monitor fails to convert "*" to default values
- Ticket 47824 - paged results control is not working in some cases when we
have a subsuffix.
- Ticket 47862 - Repl-monitor.pl ignores the provided connection parameters
- Ticket 346 - Fixing memory leaks
* Tue Jul 22 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.20-1
- Release 1.3.2.20
- Ticket 47753 - Add switch to disable pre-hashed password checking
- Ticket 47861 - Certain schema files are not replaced during upgrade
- Ticket 47858 - Internal searches using OP_FLAG_REVERSE_CANDIDATE_ORDER can
crash the server
- Ticket 47797 - DB deadlock when two threads (on separated backend) try to
record changes in retroCL
- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the
target entry's DN must be adjusted.
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47781 - Server deadlock if online import started while server is
under load
* Thu Jul 3 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.19-1
- Release 1.3.2.19
- Ticket 47779 - Potential deadlock after startup if a dna configuration change
is made
- Ticket 47839 - 389-ds production segfault: __memcpy_sse2_unaligned...
* Tue Jul 1 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.18-1
- Release 1.3.2.18
- Ticket 47750 - Creating a glue fails if one above level is a conflict or
missing
- Ticket 47763 - winsync plugin modify is broken
- Ticket 47821 - deref plugin cannot handle complex acis
- Ticket 47831 - server restart wipes out index config if there is a default
index
- Ticket 47817 - The error result text message should be obtained just prior to
sending result
- Ticket 47815 - Add operations rejected by betxn plugins remain in cache
- Ticket 47809 - find a way to remove replication plugin errors messages
"changelog iteration code returned a dummy entry with csn %s, skipping ..."
- Ticket 47704 - invalid sizelimits in aci group evaluation
- Ticket 47813 - remove "goto bail" from previous commit
- Ticket 47813 - managed entry plugin fails to update member pointer on modrdn
operation
- Ticket 47808 - If be_txn plugin fails in ldbm_back_add, adding entry is
double freed.
- Ticket 47770 - #481 breaks possibility to reassemble memberuid list
* Thu May 29 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.17-1
- Release 1.3.2.17
- Ticket 47446 - logconv.pl memory continually grows
- Ticket 47713 - Logconv.pl with an empty access log gives lots of errors
- Ticket 47806 - Failed deletion of aci: no such attribute
- bump version
- Ticket 47720 - Normalization from old DN format to New DN format doesn't
handle condition properly when there is space in a suffix after the separator operator.
- Ticket 47670 - Aci warnings in error log
- Ticket 47721 - Schema Replication Issue (follow up)
- Ticket 47721 - Schema Replication Issue (follow up + cleanup)
- Ticket 47721 - Schema Replication Issue
- Ticket 47676 - (cont.) Replication of the schema fails 'master
branch' -> 1.2.11 or 1.3.1
- Ticket 47676 - Replication of the schema fails 'master branch' ->
1.2.11 or 1.3.1
- Ticket 47541 - Fix Jenkins errors
- Ticket 47541 - Replication of the schema may overwrite consumer
'attributetypes' even if consumer definition is a superset
- Ticket 47804 - db2bak.pl error with changelogdb
- Ticket 47780 - Some VLV search request causes memory leaks
- Ticket 47787 - A replicated MOD fails (Unwilling to perform) if it targets a
tombstone
- Ticket 47764 - Problem with deletion while replicated
- Ticket 47750 - Creating a glue fails if one above level is a conflict or
missing; Ticket 47696 - Large Searches Hang - Possibly entryrdn related
- Ticket 47772 - fix coverity issue
- Ticket 47793 - Server crashes if uniqueMember is invalid syntax and memberOf
plugin is enabled.
- Ticket 47792 - database plugins need a way to call betxn plugins
- Ticket 47707 - 389 DS Server crashes and dies while handles paged searches
from clients
- Ticket 47792 - code cleanup
- Ticket 47779 - Need to lock server list when removing list
- Ticket 47771 - Move parentsdn initialization to avoid crash
- Ticket 47779 - Part of DNA shared configuration is deleted after server
restart
- Ticket 346 - Slow ldapmodify operation time for large quantities of
multi-valued attribute values
- Ticket 47782 - Parent numbordinate count can be incorrectly updated if an
error occurs
- Ticket 47772 - empty modify returns LDAP_INVALID_DN_SYNTAX
- Ticket 47774 - mem leak in do_search - rawbase not freed upon certain errors
- Ticket 47773 - mem leak in do_bind when there is an error
- Ticket 47771 - Performing deletes during tombstone purging results in
operation errors
- Ticket 47767 - Nested tombstones become orphaned after purge
- Ticket 47766 - Tombstone purging can crash the server if the backend is
stopped/disabled
- Ticket 47759 - Crash in replication when server is under write load
- Ticket 47740 - Fix coverity issues(part 7)
- Ticket 47748 - Simultaneous adding a user and binding as the user could fail
in the password policy check
- Ticket 47743 - Memory leak with proxy auth control
- Ticket 47740 - Crash caused by changes to certmap.c
- Ticket 47733 - ds logs many "Operation error fetching Null DN"
messages
- Ticket 47740 - Fix coverity issues: null dereferences - Part 6
- Ticket 47732 - ds logs many "SLAPI_PLUGIN_BE_TXN_POST_DELETE_FN plugin
returned error" messages
- Ticket 47740 - Coverity issue in 1.3.3
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47740 - Fix coverity issues - Part 5
- Ticket 47740 - Fix coverity errors - Part 4
- Ticket 47640 - Fix coverity issues - part 3
- Ticket 47740 - Fix sync plugin resource leaks
- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options
- Ticket 47740 - Coverity Fixes (Mark - part 1)
- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64
- Ticket 47722 - Fixed filter not correctly identified
- Ticket 47722 - rsearch filter error on any search filter
* Fri Mar 14 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.16-1
- Release 1.3.2.16 (This release is 1.3.2.13 + Ticket 47739)
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a
SASL/GSSAPI bind
* Thu Mar 13 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.15-1
- Bump version to 1.3.2.15
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47740 - Coverity issue in 1.3.3
- Ticket 47740 - Fix coverity issues - Part 5
- Ticket 47740 - Fix coverity errors - Part 4
- Ticket 47640 - Fix coverity issues - part 3
- Ticket 47740 - Fix sync plugin resource leaks
- Ticket 47538 - RFE: repl-monitor.pl plain text output, cmdline config options
- Ticket 47740 - Coverity Fixes (Mark - part 1)
- Ticket 47734 - Change made in resolving ticket #346 fails on Debian SPARC64
- Ticket 47722 - Fixed filter not correctly identified
- Ticket 47722 - rsearch filter error on any search filter
* Mon Mar 10 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.14-1
- Bump version to 1.3.2.14
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a
SASL/GSSAPI bind
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue
makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47729 - Directory Server crashes if shutdown during a replication
initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.13-1
- Bump version to 1.3.2.13
- The previous version 1.3.2.12 failed to increment the version in VERSION.sh
* Fri Feb 28 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.12-1
- Bump version to 1.3.2.12
- Ticket 408 - create a normalized dn cache
- Ticket 571 - Empty control list causes LDAP protocol error is thrown (dup
47361)
- Ticket 408 - create a normalized dn cache
- Ticket 47699 - Propagate plugin precedence to all registered function types
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47709 - package issue in 389-ds-base
- Ticket 47700 - Unresolved external symbol references break loading of the ACL
plugin
- Ticket 47642 - Windows Sync group issues
- Ticket 525 - Replication retry time attributes cannot be added
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47615 - Failed to compile the DS 389 1.3.2.3 version against Berkeley
DB 4.2 version
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via
service
* Thu Feb 20 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.11-2
- Added arch aware python dir; moved libns-dshttpd.so* to devel and libs
package.
* Wed Feb 5 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.11-1
- Bump version to 1.3.2.11
- Ticket 47653 - Need a way to allow users to create entries assigned to
themselves.
- Ticket 471 - logconv.pl tool removes the access logs contents if
"-M" is not correctly used
- Ticket 47374 - flush.pl is not included in perl5
- Ticket 47649 - Server hangs in cos_cache when adding a user entry
- Ticket 443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs
returns Operations error
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit
platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 342 - better error message when cache overflows
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47620 - Unable to delete protocol timeout attribute
- Ticket 408 - Fix crash when disabling/enabling the setting
- Ticket 47629 - random crashes related to sync repl
- Ticket 47571 - targetattr ACIs ignore subtype
- Ticket 47660 - config_set_allowed_to_delete_attrs: Valgrind reports Invalid
read
- Revert "Ticket 47653 - Need a way to allow users to create entries
assigned to themselves"
* Wed Jan 8 2014 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.10-1
- Bump version to 1.3.2.10
- Ticket 447 - Possible to add invalid attribute to
nsslapd-allowed-to-delete-attrs
- Ticket 47653 - Need a way to allow users to create entries assigned to
themselves
- Ticket 47647 - remove bogus definition in 60rfc3712.ldif
- Ticket 47634 - support AttributeTypeDescription USAGE userApplications
distributedOperation dSAOperation
- Ticket 47645 - reset stack, op fields to NULL - clean up stacks at shutdown -
free unused plugin config entries
* Tue Dec 17 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.9-1
- Bump version to 1.3.2.9
- Ticket 47621 - v2 make referential integrity configuration more flexible
- Ticket 47620 - Fix missing left bracket
- Ticket 47620 - Fix dereferenced NULL pointer in agmtlist_modify_callback()
- Ticket 47606 - replica init/bulk import errors should be more verbose
- Ticket 47631 - objectclass may, must lists skip rest of objectclass once
first is found in sup
- Ticket 47627 - Fix replication logging
- Ticket 47620 - Fix logically dead code.
- Ticket 47313 - Indexed search with filter containing '&' and
"!" with attribute subtypes gives wrong result
- Ticket 47620 - Config value validation improvement
- Ticket 47620 - Fix cherry-pick error for 1.3.2 and 1.3.1
- Ticket 47613 - Issues setting allowed mechanisms
- Ticket 47617 - allow configuring changelog trim interval
- Ticket 47601 - Plugin library path validation prevents intentional loading of
out-of-tree modules
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting
the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47622 - Automember betxnpreoperation - transaction not aborted when
group entry does not exist
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47620 - 389-ds rejects nsds5ReplicaProtocolTimeout attribute
* Fri Dec 6 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.2.8-1
- Bump version to 1.3.2.8
- Ticket 47612 - ns-slapd eats all the memory
- Ticket 47527 - Allow referential integrity suffixes to be configurable
- Ticket 47526 - Allow memberof suffixes to be configurable
- Ticket 342 - better error message when cache overflows (phase 2)
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47611 - Add script to build patched RPMs
- Ticket 47614 - Possible to specify invalid SASL mechanism in
nsslapd-allowed-sasl-mechanisms
- Ticket 47613 - Impossible to configure nsslapd-allowed-sasl-mechanisms
- Ticket 47592 - automember plugin task memory leaks
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1127833 - CVE-2014-3562 389-ds-base: 389-ds: unauthenticated
information disclosure [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1127833
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update 389-ds-base' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce