Security: Denial of Service in 389-ds-base
Name: Denial of Service in 389-ds-base
ID: FEDORA-2013-15518
Distribution: Fedora
Platforms: Fedora 18
Date: Sat, 31 August 2013, 09:42
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4283
Applications: 389 Directory Server

Original message

Name        : 389-ds-base
Product     : Fedora 18
Version     : 1.3.0.8
Release     : 1.fc18
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration.

--------------------------------------------------------------------------------
Update Information:

In this version, a security bug -- modifying an entry specified by an invalid DN crashed the server -- was fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.8-1
- bump version to 1.3.0.8
- Bug 1002215 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN

* Wed Jul 31 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.7-1
- bump version to 1.3.0.7
- fix coverity 11895 - null deref - caused by fix to ticket 47392
- fix compiler warning in posix winsync code for posix_group_del_memberuid_callback (cherry picked from commit f440e039a5f2a7b2ea0dd087d8e91c554abc1be0)
- Fix compiler warnings for Ticket 47395 and 47397
- fix compiler warning (cherry picked from commit 904416f4631d842a105851b4a9931ae17822a107) (cherry picked from commit 3a5f8de21fba3656670b8ee35e020f159d4110db)
- Ticket 543 - Sorting with attributes in ldapsearch gives incorrect result
- Ticket 47405 - CVE-2013-2219 ACLs inoperative in some search scenarios
- Ticket 47449 - deadlock after adding and deleting entries
- Ticket 47421 - memory leaks in set_krb5_creds
- Ticket 47441 - Disk Monitoring not checking filesystem with logs
- Ticket 47435 - Very large entryusn values after enabling the USN plugin and the lastusn value is negative.
- Ticket 47424 - Replication problem with add-delete requests on single-valued attributes
- Ticket 47367 - (phase 2) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47367 - (phase 1) ldapdelete returns non-leaf entry error while trying to remove a leaf entry
- Ticket 47399 - RHDS denies MODRDN access if ACI list contains any DENY rule
- Ticket 47427 - Overflow in nsslapd-disk-monitoring-threshold
- Ticket 47428 - Memory leak in 389-ds-base 1.2.11.15
- Ticket 47392 - ldbm errors when adding/modifying/deleting entries
- Ticket 47385 - Disk Monitoring is not triggered as expected.
- Ticket 47410 - changelog db deadlocks with DNA and replication
- Ticket 47419 - Unhashed userpassword can accidentally get removed from mods
- Ticket 47409 - allow setting db deadlock rejection policy
- Ticket 47393 - Attribute are not encrypted on a consumer after a full initialization
- Ticket 47395 47397 v2 correct behaviour of account policy if only stateattr is configured or no alternate attr is configured
- Ticket 47396 - crash on modrdn of tombstone
- Ticket 47402 - Attribute names are incorrect in search results
- Ticket 47400 - MMR stress test with dna enabled causes a deadlock
- Ticket 47391 - deleting and adding userpassword fails to update the password (additional fix)
- Ticket 47391 - deleting and adding userpassword fails to update the password
- Coverity Fixes (Part 7)
- Ticket 47376 - DESC should not be empty as per RFC 2252 (ldapv3)
- Ticket 47375 - flush_ber error sending back start_tls response will deadlock
- Ticket 47377 - make listen backlog size configurable
- Ticket 47383 - connections attribute in cn=snmp,cn=monitor is counted twice
- Ticket 47385 - DS not shutting down when disk monitoring threshold is reached
- Ticket 47378 - fix recent compiler warnings
- Coverity Fixes (Part 5)
- Coverity Fixes (Part 4)
- Coverity Fixes (Part 3)
- Coverity Fixes (Part 2)
- Coverity Fixes (part 1)
- Ticket 580 - Wrong error code return when using EXTERNAL SASL and no client certificate
- Ticket 47349 - DS instance crashes under a high load
- Ticket 47359 - new ldap connections can block ldaps and ldapi connections
- Ticket 47327 - error syncing group if group member user is not synced
- Ticket 47362 - ipa upgrade selinuxusermap data not replicating
- Revert "Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback"
- Revert "Ticket 511 - Revision - allow turning off vattr lookup in search entry return"
- Ticket 511 - Revision - allow turning off vattr lookup in search entry return
- Ticket 47355 - dse.ldif doesn't replicate update to nsslapd-sasl-mapping-fallback
- Ticket 47347 - Simple paged results should support async search

* Wed Apr 10 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.6-1
- bump version to 1.3.0.6
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion
- Coverity fix 13139 - Dereference after NULL check in slapi_attr_value_normalize_ext()
- Ticket 47318 - server fails to start after upgrade(schema error)

* Thu Mar 28 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.5-1
- bump version to 1.3.0.5
- Ticket 47308 - unintended information exposure when anonymous access is set to rootdse
- Ticket 628 - crash in aci evaluation
- Ticket 627 - ns-slapd crashes sporadically with segmentation fault in libslapd.so
- Ticket 634 - Deadlock in DNA plug-in
Ticket #576 - DNA: use event queue for config update only at the start up
- Ticket 632 - 389-ds-base cannot handle Kerberos tickets with PAC
- Ticket 623 - cleanAllRUV task fails to cleanup config upon completion

* Mon Mar 11 2013 Mark Reynolds <mreynolds@redhat.com> - 1.3.0.4-1
e53d691 bump version to 1.3.0.4
Bug 912964 - CVE-2013-0312 389-ds: unauthenticated denial of service vulnerability in handling of LDAPv3 control data
Ticket 570 - DS returns error 20 when replacing values of a multi-valued attribute (only when replication is enabled)
Ticket 490 - Slow role performance when using a lot of roles
Ticket 590 - ns-slapd segfaults while trying to delete a tombstone entry

* Wed Feb 13 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.3-1
- bump version to 1.3.0.3
- Ticket #584 - Existence of an entry is not checked when its password is to be deleted
- Ticket 562 - Crash when deleting suffix

* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.2-1
- bump version to 1.3.0.2
- Ticket #542 - Cannot dynamically set nsslapd-maxbersize

* Wed Jan 16 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.1-1
- bump version to 1.3.0.1
- Ticket 556 - Don't overwrite certmap.conf during upgrade

* Tue Jan 8 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0.0-1
- bump version to 1.3.0.0

* Tue Jan 8 2013 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.3.rc3
- bump version to 1.3.0.rc3
- Ticket 549 - DNA plugin no longer reports additional info when range is depleted
- Ticket 541 - need to set plugin as off in ldif template
- Ticket 541 - RootDN Access Control plugin is missing after upgrade

* Fri Dec 14 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.2.rc2
- bump version to 1.3.0.rc2
- Trac Ticket #497 - Escaped character cannot be used in the substring search filter
- Ticket 509 - lock-free access to be->be_suffixlock
- Trac Ticket #522 - betxn: upgrade is not implemented yet

* Tue Dec 11 2012 Noriko Hosoi <nhosoi@redhat.com> - 1.3.0-0.1.rc1
- bump version to 1.3.0.rc1
- Ticket #322 - Create DOAP description for the 389 Directory Server project
- Trac Ticket #499 - Handling URP results is not corrrect
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 456 - improve entry cache sizing
- Trac Ticket #531 - loading an entry from the database should use str2entry_f
- Trac Ticket #536 - Clean up compiler warnings for 1.3
- Trac Ticket #531 - loading an entry from the database should use str2entry_fast
- Ticket 509 - lock-free access to be->be_suffixlock
- Ticket 527 - ns-slapd segfaults if it cannot rename the logs
- Ticket 395 - RFE: 389-ds shouldn't advertise in the rootDSE that we can handle a sasl mech if we really can't
- Ticket 216 - disable replication agreements
- Ticket 518 - dse.ldif is 0 length after server kill or machine kill
- Ticket 393 - Change in winSyncInterval does not take immediate effect
- Ticket 20 - Allow automember to work on entries that have already been added
- Coverity Fixes
- Ticket 349 - nsViewFilter syntax issue in 389DS 1.2.5
- Ticket 337 - improve CLEANRUV functionality
- Fix for ticket 504
- Ticket 394 - modify-delete userpassword
- minor fixes for bdb 4.2/4.3 and mozldap
- Trac Ticket #276 - Multiple threads simultaneously working on connection's private buffer causes ns-slapd to abort
- Fix for ticket 465: cn=monitor showing stats for other db instances
- Ticket 507 - use mutex for FrontendConfig lock instead of rwlock
- Fix for ticket 510 Avoid creating an attribute just to determine the syntax for a type, look up the syntax directly by type
- Coverity defect: Resource leak 13110
- Ticket 517 - crash in DNA if no dnaMagicRegen is specified
- Trac Ticket #520 - RedHat Directory Server crashes (segfaults) when moving ldap entry
- Trac Ticket #519 - Search with a complex filter including range search is slow
- Trac Ticket #500 - Newly created users with organizationalPerson objectClass fails to sync from AD to DS with missing attribute error
- Trac Ticket #311 - IP lookup failing with multiple DNS entries
- Trac Ticket #447 - Possible to add invalid attribute to nsslapd-allowed-to-delete-attrs
- Trac Ticket #443 - Deleting attribute present in nsslapd-allowed-to-delete-attrs returns Operations error
- Ticket #503 - Improve AD version in winsync log message
- Trac Ticket #190 - Un-resolvable server in replication agreement produces unclear error message
- Coverity fixes
- Trac Ticket #391 - Slapd crashes when deleting backends while operations are still in progress
- Trac Ticket #448 - Possible to set invalid macros in Macro ACIs
- Trac Ticket #498 - Cannot abaondon simple paged result search
- Coverity defects
- Trac Ticket #494 - slapd entered to infinite loop during new index addition
- Fixing compiler warnings in the posix-winsync plugin
- Coverity defects
- Ticket 147 - Internal Password Policy usage very inefficient
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Revert "Ticket 495 - internalModifiersname not updated by DNA plugin"
- Ticket 495 - internalModifiersname not updated by DNA plugin
- Ticket 468 - if pam_passthru is enabled, need to AC_CHECK_HEADERS([security/pam_appl.h])
- Ticket 486 - nsslapd-enablePlugin should not be multivalued
- Ticket 488 - Doc: DS error log messages with typo
- Trac Ticket #451 - Allow db2ldif to be quiet
- Ticket #491 - multimaster_extop_cleanruv returns wrong error codes
- Ticket #481 - expand nested posix groups
- Trac Ticket #455 - Insufficient rights to unhashed#user#password when user deletes his password
- Ticket #446 - anonymous limits are being applied to directory manager
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #999634 - CVE-2013-4283 389-ds-base: ns-slapd crash due to bogus DN
https://bugzilla.redhat.com/show_bug.cgi?id=999634
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update 389-ds-base' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce